From 7fd04bcac7813221ad3a18af2e930a03fa510a75 Mon Sep 17 00:00:00 2001 
From: Miheer Salunke Date: Sat, 1 Jul 2023 15:09:15 +1000 Subject: [PATCH 1/3] Vendored packages after running `go mod tidy` and `go mod vendor` --- go.mod | 90 +- go.sum | 98 +- ...ersion-operator_01_clusterversion.crd.yaml | 6 + ...01_infrastructure-CustomNoUpgrade.crd.yaml | 94 ++ ...perator_01_infrastructure-Default.crd.yaml | 21 + ...frastructure-TechPreviewNoUpgrade.crd.yaml | 76 + .../v1/custom.infrastructure.testsuite.yaml | 371 ++++- .../openshift/api/config/v1/feature_gates.go | 10 - .../v1/stable.infrastructure.testsuite.yaml | 489 ++++++ .../techpreview.infrastructure.testsuite.yaml | 453 ++---- .../api/config/v1/types_cluster_version.go | 25 +- .../openshift/api/config/v1/types_feature.go | 3 +- .../api/config/v1/types_infrastructure.go | 83 +- .../api/config/v1/zz_generated.deepcopy.go | 44 +- .../v1/zz_generated.swagger_doc_generated.go | 29 +- ...rd.yaml => 00_consoleclidownload.crd.yaml} | 0 ...aml => 00_consoleexternalloglink.crd.yaml} | 0 ...elink.crd.yaml => 00_consolelink.crd.yaml} | 0 ...d.yaml => 00_consolenotification.crd.yaml} | 0 ...crd.yaml => 00_consolequickstart.crd.yaml} | 0 ...ple.crd.yaml => 00_consolesample.crd.yaml} | 0 ...crd.yaml => 00_consoleyamlsample.crd.yaml} | 0 ...gin.crd.yaml => 90_consoleplugin.crd.yaml} | 0 .../stable.consoleclidownload.testsuite.yaml | 2 +- ...able.consoleexternalloglink.testsuite.yaml | 2 +- .../v1/stable.consolelink.testsuite.yaml | 2 +- .../stable.consolenotification.testsuite.yaml | 2 +- .../v1/stable.consoleplugin.testsuite.yaml | 2 +- .../stable.consolequickstart.testsuite.yaml | 2 +- .../v1/stable.consolesample.testsuite.yaml | 2 +- .../stable.consoleyamlsample.testsuite.yaml | 2 +- ...gin.crd.yaml => 90_consoleplugin.crd.yaml} | 0 .../stable.consoleplugin.testsuite.yaml | 2 +- .../0000_10_controlplanemachineset.crd.yaml | 5 +- ...olplanemachineset.openstack.testsuite.yaml | 47 +- .../v1/types_controlplanemachineset.go | 11 +- .../v1/zz_generated.swagger_doc_generated.go | 2 +- 
...ess-operator_00-ingresscontroller.crd.yaml | 124 ++ ....crd.yaml => 00_console-operator.crd.yaml} | 0 .../operator/v1/stable.console.testsuite.yaml | 2 +- .../stable.ingresscontroller.testsuite.yaml | 463 ++++++ .../api/operator/v1/types_ingress.go | 138 ++ .../api/operator/v1/zz_generated.deepcopy.go | 85 ++ .../v1/zz_generated.swagger_doc_generated.go | 40 + .../openshift/api/route/v1/generated.pb.go | 1328 +++++++++++++++-- .../openshift/api/route/v1/generated.proto | 151 ++ .../route/v1/route-CustomNoUpgrade.crd.yaml | 129 +- .../v1/route-TechPreviewNoUpgrade.crd.yaml | 129 +- .../openshift/api/route/v1/route.crd.yaml | 129 +- .../api/route/v1/stable.route.testsuite.yaml | 591 ++++++++ .../openshift/api/route/v1/types.go | 160 ++ .../api/route/v1/zz_generated.deepcopy.go | 106 ++ .../v1/zz_generated.swagger_doc_generated.go | 51 +- ...fig.crd.yaml => 00_samplesconfig.crd.yaml} | 0 .../samples/v1/stable.config.testsuite.yaml | 2 +- .../library-go/pkg/features/features.go | 4 +- .../pkg/route/validation/validation.go | 134 +- .../apimachinery/pkg/runtime/converter.go | 4 +- .../k8s.io/apimachinery/pkg/util/wait/loop.go | 19 +- vendor/k8s.io/client-go/util/cert/cert.go | 27 +- .../pkg/apis/core/validation/validation.go | 7 + vendor/modules.txt | 90 +- 62 files changed, 5172 insertions(+), 716 deletions(-) rename vendor/github.com/openshift/api/console/v1/{0000_10_consoleclidownload.crd.yaml => 00_consoleclidownload.crd.yaml} (100%) rename vendor/github.com/openshift/api/console/v1/{0000_10_consoleexternalloglink.crd.yaml => 00_consoleexternalloglink.crd.yaml} (100%) rename vendor/github.com/openshift/api/console/v1/{0000_10_consolelink.crd.yaml => 00_consolelink.crd.yaml} (100%) rename vendor/github.com/openshift/api/console/v1/{0000_10_consolenotification.crd.yaml => 00_consolenotification.crd.yaml} (100%) rename vendor/github.com/openshift/api/console/v1/{0000_10_consolequickstart.crd.yaml => 00_consolequickstart.crd.yaml} (100%) rename 
vendor/github.com/openshift/api/console/v1/{0000_10_consolesample.crd.yaml => 00_consolesample.crd.yaml} (100%) rename vendor/github.com/openshift/api/console/v1/{0000_10_consoleyamlsample.crd.yaml => 00_consoleyamlsample.crd.yaml} (100%) rename vendor/github.com/openshift/api/console/v1/{0000_10_consoleplugin.crd.yaml => 90_consoleplugin.crd.yaml} (100%) rename vendor/github.com/openshift/api/console/v1alpha1/{0000_10_consoleplugin.crd.yaml => 90_consoleplugin.crd.yaml} (100%) rename vendor/github.com/openshift/api/operator/v1/{0000_70_console-operator.crd.yaml => 00_console-operator.crd.yaml} (100%) rename vendor/github.com/openshift/api/samples/v1/{0000_10_samplesconfig.crd.yaml => 00_samplesconfig.crd.yaml} (100%) diff --git a/go.mod b/go.mod index eb6d9a564d..e590d994e8 100644 --- a/go.mod +++ b/go.mod 
@@ -18,29 +18,29 @@ require (
 github.com/jteeuwen/go-bindata v3.0.8-0.20151023091102-a0ff2567cfb7+incompatible
 github.com/opencontainers/go-digest v1.0.0
 github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198
- github.com/openshift/api v0.0.0-20230718161610-2a3e8b481cec
+ github.com/openshift/api v0.0.0-20230807132801-600991d550ac
 github.com/openshift/apiserver-library-go v0.0.0-20230503174907-d9b2bf6185e9
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d
 github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb
- github.com/openshift/library-go v0.0.0-20230714173235-d8d3f3f8a9e4
+ github.com/openshift/library-go v0.0.0-20230808150704-ce4395c85e8c
 github.com/openshift/runtime-utils v0.0.0-20220926190846-5c488b20a19f
 github.com/spf13/cobra v1.6.1
 github.com/spf13/pflag v1.0.5
 go.etcd.io/etcd/client/v3 v3.5.7
- k8s.io/api v0.27.2
- k8s.io/apiextensions-apiserver v0.27.2
- k8s.io/apimachinery v0.27.2
- k8s.io/apiserver v0.27.2
- k8s.io/client-go v0.27.2
- k8s.io/cloud-provider v0.27.2
- k8s.io/code-generator v0.27.2
- k8s.io/component-base v0.27.2
- k8s.io/component-helpers v0.27.2
+ k8s.io/api v0.27.4
+ k8s.io/apiextensions-apiserver v0.27.4
+ k8s.io/apimachinery v0.27.4
+ k8s.io/apiserver v0.27.4
+ k8s.io/client-go v0.27.4
+ k8s.io/cloud-provider v0.27.4
+ k8s.io/code-generator v0.27.4
+ k8s.io/component-base v0.27.4
+ k8s.io/component-helpers v0.27.4
 k8s.io/klog/v2 v2.90.1
- k8s.io/kube-aggregator v0.27.2
+ k8s.io/kube-aggregator v0.27.4
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f
- k8s.io/kubectl v0.27.2
- k8s.io/kubernetes v1.27.2
+ k8s.io/kubectl v0.27.4
+ k8s.io/kubernetes v1.27.4
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
 )
@@ -167,11 +167,11 @@ require (
 gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/cli-runtime v0.27.2 // indirect
- k8s.io/controller-manager v0.27.2 // indirect
+ k8s.io/cli-runtime v0.27.4 // indirect
+ k8s.io/controller-manager v0.27.4 // indirect
 k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect
- k8s.io/kms v0.27.2 // indirect
- k8s.io/kubelet v0.27.2 // indirect
+ k8s.io/kms v0.27.4 // indirect
+ k8s.io/kubelet v0.27.4 // indirect
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/kustomize/api v0.13.2 // indirect
@@ -183,32 +183,32 @@ require (
 replace (
 github.com/distribution/distribution/v3 => github.com/openshift/docker-distribution/v3 v3.0.0-20230613095533-f65dc997445a
 github.com/docker/docker => github.com/openshift/moby-moby v0.0.0-20190308215630-da810a85109d
- k8s.io/api => k8s.io/api v0.27.2
- k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.2
- k8s.io/apimachinery => k8s.io/apimachinery v0.27.2
+ k8s.io/api => k8s.io/api v0.27.4
+ k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.4
+ k8s.io/apimachinery => k8s.io/apimachinery v0.27.4
 k8s.io/apiserver => github.com/openshift/kubernetes-apiserver v0.0.0-20230525090225-51d24b204b3b
- k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.2
- k8s.io/client-go => k8s.io/client-go v0.27.2
- k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.2
- k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.2
- k8s.io/code-generator => k8s.io/code-generator v0.27.2
- k8s.io/component-base => k8s.io/component-base v0.27.2
- k8s.io/component-helpers => k8s.io/component-helpers v0.27.2
- k8s.io/controller-manager => k8s.io/controller-manager v0.27.2
- k8s.io/cri-api => k8s.io/cri-api v0.27.2
- k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.2
- k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.2
- k8s.io/kms => k8s.io/kms v0.27.2
- k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.2
- k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.2
- k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.2
- k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.2
- k8s.io/kubectl => k8s.io/kubectl v0.27.2
- k8s.io/kubelet => k8s.io/kubelet v0.27.2
- k8s.io/kubernetes => k8s.io/kubernetes v1.27.2
- k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.2
- k8s.io/metrics => k8s.io/metrics v0.27.2
- k8s.io/mount-utils => k8s.io/mount-utils v0.27.2
- k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.2
- k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.2
+ k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.4
+ k8s.io/client-go => k8s.io/client-go v0.27.4
+ k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.4
+ k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.4
+ k8s.io/code-generator => k8s.io/code-generator v0.27.4
+ k8s.io/component-base => k8s.io/component-base v0.27.4
+ k8s.io/component-helpers => k8s.io/component-helpers v0.27.4
+ k8s.io/controller-manager => k8s.io/controller-manager v0.27.4
+ k8s.io/cri-api => k8s.io/cri-api v0.27.4
+ k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.4
+ k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.4
+ k8s.io/kms => k8s.io/kms v0.27.4
+ k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.4
+ k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.4
+ k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.4
+ k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.4
+ k8s.io/kubectl => k8s.io/kubectl v0.27.4
+ k8s.io/kubelet => k8s.io/kubelet v0.27.4
+ k8s.io/kubernetes => k8s.io/kubernetes v1.27.4
+ k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.4
+ k8s.io/metrics => k8s.io/metrics v0.27.4
+ k8s.io/mount-utils => k8s.io/mount-utils v0.27.4
+ k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.4
+ k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.4
 )
diff --git a/go.sum b/go.sum
index cc25c63be2..8ac3fc9210 100644
--- a/go.sum
+++ b/go.sum
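Review bot: The `k8s.io/apiserver` replace in the go.mod `replace (` hunk is left at `github.com/openshift/kubernetes-apiserver v0.0.0-20230525090225-51d24b204b3b` while the require line and every other k8s.io replace move to v0.27.4, so the build keeps resolving apiserver from the fork commit and not from the version the require block names. The pseudo-version is dated 2023-05-25, which suggests (not verifiable from this patch) that the fork has not been rebased onto the 0.27.4 tag; if so, apiserver changes made between 0.27.2 and 0.27.4 are not picked up by this bump even though go.mod reads as if they were. Either move the pin to a fork commit rebased on 0.27.4, or make the skew explicit with a comment above the replace line such as `// fork intentionally pinned; not yet rebased onto v0.27.4`.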
@@ -577,7 +577,7 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cadvisor v0.47.1/go.mod h1:iJdTjcjyKHjLCf7OSTzwP5GxdfrkPusw2x5bwGvuLUw= +github.com/google/cadvisor v0.47.2/go.mod h1:iJdTjcjyKHjLCf7OSTzwP5GxdfrkPusw2x5bwGvuLUw= github.com/google/cel-go v0.12.6 h1:kjeKudqV0OygrAqA9fX6J55S8gj+Jre2tckIm5RoG4M= github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= 
@@ -1009,8 +1009,8 @@ github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3 github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= -github.com/openshift/api v0.0.0-20230718161610-2a3e8b481cec h1:rdkrEAVD8MeBimjIKkZ+wGm+TkTfG2eDEHUuAjAWkEg= -github.com/openshift/api v0.0.0-20230718161610-2a3e8b481cec/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs= +github.com/openshift/api v0.0.0-20230807132801-600991d550ac h1:HqT8MmYGXiUGUW0BjygTGOOvqO2wIsTaG3q8nboJyPY= +github.com/openshift/api v0.0.0-20230807132801-600991d550ac/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs= github.com/openshift/apiserver-library-go v0.0.0-20230503174907-d9b2bf6185e9 h1:7SNTyJ2LGSrPzybeL7z08e5bSY921Cm0R6/cjtZEYJw= github.com/openshift/apiserver-library-go v0.0.0-20230503174907-d9b2bf6185e9/go.mod h1:pyUSwoDce710NhzXOmooyt5DBJjUEb2fifFSdKCcMyA= github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR4ah7FfaPR1WePizm0jlrsbmPu91xQZnAsVVreQV1k= 
@@ -1021,8 +1021,8 @@ github.com/openshift/docker-distribution/v3 v3.0.0-20230613095533-f65dc997445a h github.com/openshift/docker-distribution/v3 v3.0.0-20230613095533-f65dc997445a/go.mod h1:+fqBJ4vPYo4Uu1ZE4d+bUtTLRXfdSL3NvCZIZ9GHv58= github.com/openshift/kubernetes-apiserver v0.0.0-20230525090225-51d24b204b3b h1:DBl3L9OsP3Z0d7+htBomUgwUz/xxmtg3gfNL25sqFvU= github.com/openshift/kubernetes-apiserver v0.0.0-20230525090225-51d24b204b3b/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y= -github.com/openshift/library-go v0.0.0-20230714173235-d8d3f3f8a9e4 h1:iIlpi144jZqPBPs6542Lz4p9MAPi/s5PLQ4XVxzXRwU= -github.com/openshift/library-go v0.0.0-20230714173235-d8d3f3f8a9e4/go.mod h1:PegtilvJPBJXjJG3AV8uL1a0SAnBr6K67ShNiWVb40M= +github.com/openshift/library-go v0.0.0-20230808150704-ce4395c85e8c h1:UJjxHFSTcasHxRXtDc3od9p7UJUBJxUKjhZHFyp2uUQ= +github.com/openshift/library-go v0.0.0-20230808150704-ce4395c85e8c/go.mod h1:ZFwNwC3opc/7aOvzUbU95zp33Lbxet48h80ryH3p6DY= github.com/openshift/moby-moby v0.0.0-20190308215630-da810a85109d h1:fLITXDjxMSvUDjnXs/zljIWktbST9+Om8XbrmmM7T4I= github.com/openshift/moby-moby v0.0.0-20190308215630-da810a85109d/go.mod h1:LJM49W8fBVSj+rvcopJZu9mgH5Tx6HwLHySIYeGeu4k= github.com/openshift/runtime-utils v0.0.0-20220926190846-5c488b20a19f h1:ubRzazPtplWWNWWX07v4ww74S9QL+B2RAxHJ8O00m7o= 
@@ -1116,8 +1116,8 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rubiojr/go-vhd v0.0.0-20200706105327-02e210299021/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= 
@@ -2065,30 +2065,30 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY= -k8s.io/api v0.27.2 h1:+H17AJpUMvl+clT+BPnKf0E3ksMAzoBBg7CntpSuADo= -k8s.io/api v0.27.2/go.mod h1:ENmbocXfBT2ADujUXcBhHV55RIT31IIEvkntP6vZKS4= -k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo= -k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ= -k8s.io/apimachinery v0.27.2 h1:vBjGaKKieaIreI+oQwELalVG4d8f3YAMNpWLzDXkxeg= -k8s.io/apimachinery v0.27.2/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= -k8s.io/cli-runtime v0.27.2 h1:9HI8gfReNujKXt16tGOAnb8b4NZ5E+e0mQQHKhFGwYw= -k8s.io/cli-runtime v0.27.2/go.mod h1:9UecpyPDTkhiYY4d9htzRqN+rKomJgyb4wi0OfrmCjw= -k8s.io/client-go v0.27.2 h1:vDLSeuYvCHKeoQRhCXjxXO45nHVv2Ip4Fe0MfioMrhE= -k8s.io/client-go v0.27.2/go.mod h1:tY0gVmUsHrAmjzHX9zs7eCjxcBsf8IiNe7KQ52biTcQ= -k8s.io/cloud-provider v0.27.2 h1:IiQWyFtdzcPOqvrBZE9FCt0CDCx3GUcZhKkykEgKlM4= -k8s.io/cloud-provider v0.27.2/go.mod h1:QnFa2fPMEWntkpU+kOAC9MZ6DKUB9WTQmMGA0MuYoj0= -k8s.io/cluster-bootstrap v0.27.2/go.mod h1:b++PF0mjUOiTKdPQFlDw7p4V2VquANZ8SfhAwzxZJFM= -k8s.io/code-generator v0.27.2 h1:RmK0CnU5qRaK6WRtSyWNODmfTZNoJbrizpVcsgbtrvI= -k8s.io/code-generator v0.27.2/go.mod h1:DPung1sI5vBgn4AGKtlPRQAyagj/ir/4jI55ipZHVww= -k8s.io/component-base v0.27.2 h1:neju+7s/r5O4x4/txeUONNTS9r1HsPbyoPBAtHsDCpo= -k8s.io/component-base v0.27.2/go.mod h1:5UPk7EjfgrfgRIuDBFtsEFAe4DAvP3U+M8RTzoSJkpo= -k8s.io/component-helpers v0.27.2 h1:i9TgWJ6TH8lQ9x4ExHOwhVitrRpBOr7Wn8aZLbBWxkc= -k8s.io/component-helpers v0.27.2/go.mod h1:NwcpSKo1xzXtUtrUjj5NTSVWex84UPua/z0PYDcCzNo= -k8s.io/controller-manager v0.27.2 
h1:S7984FVb5ajp8YqMQGAm8zXEUEl0Omw6FJlOiQU2Ne8= -k8s.io/controller-manager v0.27.2/go.mod h1:2HzIhmjKxSH5dJVjYLuJ7/v9HYluNDcHLh6ZyE6rT18= -k8s.io/cri-api v0.27.2/go.mod h1:+Ts/AVYbIo04S86XbTD73UPp/DkTiYxtsFeOFEu32L0= -k8s.io/csi-translation-lib v0.27.2/go.mod h1:S+jXLzOHm7wvroOja2VMLo9LGiIq9mS0/SyswJtWOjE= -k8s.io/dynamic-resource-allocation v0.27.2/go.mod h1:drwmePgR9Dc5Y3nYBHkduz+lYV2XukSTLYvV5qJOPKY= +k8s.io/api v0.27.4 h1:0pCo/AN9hONazBKlNUdhQymmnfLRbSZjd5H5H3f0bSs= +k8s.io/api v0.27.4/go.mod h1:O3smaaX15NfxjzILfiln1D8Z3+gEYpjEpiNA/1EVK1Y= +k8s.io/apiextensions-apiserver v0.27.4 h1:ie1yZG4nY/wvFMIR2hXBeSVq+HfNzib60FjnBYtPGSs= +k8s.io/apiextensions-apiserver v0.27.4/go.mod h1:KHZaDr5H9IbGEnSskEUp/DsdXe1hMQ7uzpQcYUFt2bM= +k8s.io/apimachinery v0.27.4 h1:CdxflD4AF61yewuid0fLl6bM4a3q04jWel0IlP+aYjs= +k8s.io/apimachinery v0.27.4/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= +k8s.io/cli-runtime v0.27.4 h1:Zb0eci+58eHZNnoHhjRFc7W88s8dlG12VtIl3Nv2Hto= +k8s.io/cli-runtime v0.27.4/go.mod h1:k9Z1xiZq2xNplQmehpDquLgc+rE+pubpO1cK4al4Mlw= +k8s.io/client-go v0.27.4 h1:vj2YTtSJ6J4KxaC88P4pMPEQECWMY8gqPqsTgUKzvjk= +k8s.io/client-go v0.27.4/go.mod h1:ragcly7lUlN0SRPk5/ZkGnDjPknzb37TICq07WhI6Xc= +k8s.io/cloud-provider v0.27.4 h1:FkZ1z40+YPm+nEqkojgPbjNQ3QLvU98gsFW3ZbZnrwo= +k8s.io/cloud-provider v0.27.4/go.mod h1:LpqG1hrNPQQySPWrMrNNNGl79dK0fk/yTkYUlRMoaWU= +k8s.io/cluster-bootstrap v0.27.4/go.mod h1:sLvyEcIhRmoG8HhaIDy8htZ9MuaYK6nP+BMKGqqirBs= +k8s.io/code-generator v0.27.4 h1:bw2xFEBnthhCSC7Bt6FFHhPTfWX21IJ30GXxOzywsFE= +k8s.io/code-generator v0.27.4/go.mod h1:DPung1sI5vBgn4AGKtlPRQAyagj/ir/4jI55ipZHVww= +k8s.io/component-base v0.27.4 h1:Wqc0jMKEDGjKXdae8hBXeskRP//vu1m6ypC+gwErj4c= +k8s.io/component-base v0.27.4/go.mod h1:hoiEETnLc0ioLv6WPeDt8vD34DDeB35MfQnxCARq3kY= +k8s.io/component-helpers v0.27.4 h1:l1hn/Zx9mWXflo5xz1mo5RRW2g8b6rptWCG7My6rYoE= +k8s.io/component-helpers v0.27.4/go.mod h1:ayW5btpTdJkVv+CcxhzNRfWT+oPrV6T6qZ1Ay6NEJNI= +k8s.io/controller-manager v0.27.4 
h1:iisi3D1AKknVAGgU1dk/HG/UusmBqeS2fCFiRAS0DnE= +k8s.io/controller-manager v0.27.4/go.mod h1:5+Fo0k+t3MDyuNLjmXzU/dJcD2c34ii8Wef+OmqhkVg= +k8s.io/cri-api v0.27.4/go.mod h1:+Ts/AVYbIo04S86XbTD73UPp/DkTiYxtsFeOFEu32L0= +k8s.io/csi-translation-lib v0.27.4/go.mod h1:yDQc83ATsJshOCKhvRuPSoGVJOduWvou4u7YRON4U98= +k8s.io/dynamic-resource-allocation v0.27.4/go.mod h1:plkvKEAgUQbEFmiGGd6FvmqMQ+oIZwKkl70Gcy5eM14= k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= 
@@ -2099,27 +2099,27 @@ k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kms v0.27.2 h1:wCdmPCa3kubcVd3AssOeaVjLQSu45k5g/vruJ3iqwDU= -k8s.io/kms v0.27.2/go.mod h1:dahSqjI05J55Fo5qipzvHSRbm20d7llrSeQjjl86A7c= -k8s.io/kube-aggregator v0.27.2 h1:jfHoPip+qN/fn3OcrYs8/xMuVYvkJHKo0H0DYciqdns= -k8s.io/kube-aggregator v0.27.2/go.mod h1:mwrTt4ESjQ7A6847biwohgZWn8P/KzSFHegEScbSGY4= -k8s.io/kube-controller-manager v0.27.2/go.mod h1:y5PLIX8tvjSOA3EQFUbwry9nliD8KKw4ib/aHl8N9ag= +k8s.io/kms v0.27.4 h1:FeT17HfqxZMP7dTq3Gpa9dG05iP3J3wgGtqGh1SUoN0= +k8s.io/kms v0.27.4/go.mod h1:0BY6tkfa+zOP85u8yE7iNNf1Yx7rEZnRQSWLEbsSk+w= +k8s.io/kube-aggregator v0.27.4 h1:WdK9iiBr32G8bWfpUEFVQl70RZO2dU19ZAktUXL5JFc= +k8s.io/kube-aggregator v0.27.4/go.mod h1:+eG83gkAyh0uilQEAOgheeQW4hr+PkyV+5O1nLGsjlM= +k8s.io/kube-controller-manager v0.27.4/go.mod h1:sCie5zxAAJyTOLd84Q072K3UXHBxdUDUnZ74aB7bIvg= k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596/go.mod h1:/BYxry62FuDzmI+i9B+X2pqfySRmSOW2ARmj5Zbqhj0= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/kube-proxy v0.27.2/go.mod h1:S0Dxzz/5F+RAk/9v7d42gPwwvv7WZ6IYjoXVj4kBWIY= -k8s.io/kube-scheduler v0.27.2/go.mod h1:Prpp+OHy8Ecl4ubsF2Zj7gDWYI8D1AP4ZSL8275VkOs= -k8s.io/kubectl v0.27.2 h1:sSBM2j94MHBFRWfHIWtEXWCicViQzZsb177rNsKBhZg= -k8s.io/kubectl v0.27.2/go.mod h1:GCOODtxPcrjh+EC611MqREkU8RjYBh10ldQCQ6zpFKw= -k8s.io/kubelet v0.27.2 h1:vpJnBkqQjxItEhehKG0toXoZ+G+tf4UXAOqtMJy6qgc= -k8s.io/kubelet v0.27.2/go.mod h1:1SVrHaLnuw53nQJx8036k9HjE0teDXZtbN51cYC0HSc= -k8s.io/kubernetes v1.27.2 
h1:g4v9oY6u7vBUDEuq4FvC50Bbw2K7GZuvM00IIESWVf4= -k8s.io/kubernetes v1.27.2/go.mod h1:U8ZXeKBAPxeb4J4/HOaxjw1A9K6WfSH+fY2SS7CR6IM= -k8s.io/legacy-cloud-providers v0.27.2/go.mod h1:f0NDYP0WZNN1SnID37MvJ/5KXxy3IlgO5q4IgnYfnJs= -k8s.io/metrics v0.27.2/go.mod h1:v3OT7U0DBvoAzWVzGZWQhdV4qsRJWchzs/LeVN8bhW4= -k8s.io/mount-utils v0.27.2/go.mod h1:vmcjYdi2Vg1VTWY7KkhvwJVY6WDHxb/QQhiQKkR8iNs= -k8s.io/pod-security-admission v0.27.2/go.mod h1:jWVYAoR3AwJxwJ6tTQSVBZBBe4u0tvmFhyhpAWcOlYY= -k8s.io/sample-apiserver v0.27.2/go.mod h1:PSxCi2qEFo/ZCfIqfZv/WUL8fmV1m6HmeVHFvfAHUTc= +k8s.io/kube-proxy v0.27.4/go.mod h1:vp/SyVKvYKcfZuNpZBuvSRZ1WBLHzLFv+w2sRl6pSJU= +k8s.io/kube-scheduler v0.27.4/go.mod h1:3rbitDiZ6cNQwO7QEpt7Sk+IAyzq8uV6N5LYQkXKFUg= +k8s.io/kubectl v0.27.4 h1:RV1TQLIbtL34+vIM+W7HaS3KfAbqvy9lWn6pWB9els4= +k8s.io/kubectl v0.27.4/go.mod h1:qtc1s3BouB9KixJkriZMQqTsXMc+OAni6FeKAhq7q14= +k8s.io/kubelet v0.27.4 h1:P8+MoRx4ikcAc5eEa3k2A6kd8AXtoDRaoC8KX2HFZe4= +k8s.io/kubelet v0.27.4/go.mod h1:2y4peCA57vKEhBcDL6Q5EkPuGP7FFxj9U41NV9hk1ac= +k8s.io/kubernetes v1.27.4 h1:js5bonPoe7jgVPduNcWo6IjPTUdLzlnfhRgGmC7isM0= +k8s.io/kubernetes v1.27.4/go.mod h1:MbYZxAacYS6HjZ6VJuvKaKTilbzp0B0atzW3J8TFBEo= +k8s.io/legacy-cloud-providers v0.27.4/go.mod h1:edtgPAQyx/0Ua/d8I6F1xVVO8JGRCKAjI0mv/qMsLBI= +k8s.io/metrics v0.27.4/go.mod h1:kRvfhFC7wCQEFvu6H92uiV7v05z3Ty/vtluYT5D2Xpk= +k8s.io/mount-utils v0.27.4/go.mod h1:vmcjYdi2Vg1VTWY7KkhvwJVY6WDHxb/QQhiQKkR8iNs= +k8s.io/pod-security-admission v0.27.4/go.mod h1:GOcnrXk8TT5cPhtCxdlkOAvBnX3QmZiMHqPw9PbZhPs= +k8s.io/sample-apiserver v0.27.4/go.mod h1:YSO8XrFJ12xMYgKmKIg5rn8X34pCMV7B8hZIjv/v35M= k8s.io/system-validators v1.8.0/go.mod h1:gP1Ky+R9wtrSiFbrpEPwWMeYz9yqyy1S/KOh0Vci7WI= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index 0028eaa7b3..69a2ed280f 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -72,6 +72,8 @@ spec: - CSISnapshot - NodeTuning - MachineAPI + - Build + - DeploymentConfig x-kubernetes-list-type: atomic baselineCapabilitySet: description: baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent. @@ -195,6 +197,8 @@ spec: - CSISnapshot - NodeTuning - MachineAPI + - Build + - DeploymentConfig x-kubernetes-list-type: atomic knownCapabilities: description: knownCapabilities lists all the capabilities known to the current cluster. @@ -212,6 +216,8 @@ spec: - CSISnapshot - NodeTuning - MachineAPI + - Build + - DeploymentConfig x-kubernetes-list-type: atomic conditionalUpdates: description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified. diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml index 4ac2206b78..4c6d4c0744 100644 
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml @@ -615,7 +615,28 @@ spec: type: object external: description: External contains settings specific to the generic External infrastructure provider. + properties: + cloudControllerManager: + description: cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected. + properties: + state: + description: "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager \n Valid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected." + enum: + - "" + - External + - None + type: string + x-kubernetes-validations: + - message: state is immutable once set + rule: self == oldSelf + type: object + x-kubernetes-validations: + - message: state may not be added or removed once set + rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) && self.state != "External") type: object + x-kubernetes-validations: + - message: cloudControllerManager may not be added or removed once set + rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) gcp: description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. properties: 
@@ -625,7 +646,80 @@ spec: region: description: region holds the region for new GCP resources created for the cluster. type: string + resourceLabels: + description: resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration. + items: + description: GCPResourceLabel is a label to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`. + maxLength: 63 + minLength: 1 + pattern: ^[a-z][0-9a-z_-]+$ + type: string + x-kubernetes-validations: + - message: label keys must not start with either `openshift-io` or `kubernetes-io` + rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' + value: + description: value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. 
+ maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z_-]+$ + type: string + required: + - key + - value + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceLabels are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + resourceTags: + description: resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource. + items: + description: GCPResourceTag is a tag to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: 'parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.' 
+ maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) type: object + x-kubernetes-validations: + - message: resourceLabels may only be configured during installation + rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)' + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)' ibmcloud: description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. properties: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml index bb8817110f..64a54d5c5f 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml 
@@ -592,7 +592,28 @@ spec: type: object external: description: External contains settings specific to the generic External infrastructure provider. + properties: + cloudControllerManager: + description: cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected. + properties: + state: + description: "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager \n Valid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected." + enum: + - "" + - External + - None + type: string + x-kubernetes-validations: + - message: state is immutable once set + rule: self == oldSelf + type: object + x-kubernetes-validations: + - message: state may not be added or removed once set + rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) && self.state != "External") type: object + x-kubernetes-validations: + - message: cloudControllerManager may not be added or removed once set + rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) gcp: description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. properties: 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml index e8fce28aa8..0698bc6803 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml @@ -634,6 +634,9 @@ spec: - message: state may not be added or removed once set rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) && self.state != "External") type: object + x-kubernetes-validations: + - message: cloudControllerManager may not be added or removed once set + rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) gcp: description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. properties: 
@@ -643,7 +646,80 @@ spec: region: description: region holds the region for new GCP resources created for the cluster. type: string + resourceLabels: + description: resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration. + items: + description: GCPResourceLabel is a label to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`. + maxLength: 63 + minLength: 1 + pattern: ^[a-z][0-9a-z_-]+$ + type: string + x-kubernetes-validations: + - message: label keys must not start with either `openshift-io` or `kubernetes-io` + rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' + value: + description: value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. 
+ maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z_-]+$ + type: string + required: + - key + - value + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceLabels are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + resourceTags: + description: resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource. + items: + description: GCPResourceTag is a tag to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: 'parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.' 
+ maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) type: object + x-kubernetes-validations: + - message: resourceLabels may only be configured during installation + rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)' + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)' ibmcloud: description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. properties: diff --git a/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml index ab1a123b60..24433f4f75 100644 --- a/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml 
@@ -1,104 +1,321 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] DNS" -crd: 0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml +name: "[Custom] Infrastructure" +crd: 0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml tests: onCreate: - - name: Should be able to create a minimal DNS + - name: Should be able to create a minimal Infrastructure initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} # No spec is required for a DNS + kind: Infrastructure + spec: {} # No spec is required for a Infrastructure expected: | apiVersion: config.openshift.io/v1 - kind: DNS + kind: Infrastructure spec: {} - - name: Should be able to specify an AWS role ARN for a private hosted zone + onUpdate: + - name: Should not be able to modify an existing GCP ResourceLabels Label initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expected: | + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - - name: Should not be able to specify unsupported platform + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add a Label to an existing GCP ResourceLabels initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: Azure - azure: - 
privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expectedError: "Invalid value: \"string\": allowed values are '' and 'AWS'" - - name: Should not be able to specify invalid AWS role ARN + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to remove a Label from an existing GCP ResourceLabels initial: | apiVersion: config.openshift.io/v1 - kind: DNS - metadata: - name: cluster - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam:bad:123456789012:role/foo - expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$'" - - name: Should not be able to specify different type and platform + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: 
Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expectedError: "Invalid value: \"object\": aws configuration is required when platform is AWS, and forbidden otherwise" - onUpdate: - - name: Can switch from empty (default), to AWS + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expected: | + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: {} + updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - - name: Upgrade case is valid + kind: Infrastructure + spec: {} + status: + 
platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "openshift-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} # No spec is required for a DNS + kind: Infrastructure + spec: {} + status: {} updated: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - expected: | + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "kubernetes-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not be able to modify an existing GCP ResourceTags Tag + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add a Tag to an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + 
status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + - {parentID: "test-project-123", key: "new", value: "tag"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to remove a Tag from an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + - {parentID: "test-project-123", key: "key2", value: "value2"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp + initial: | apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may 
only be configured during installation" + - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "test-project-123", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" diff --git a/vendor/github.com/openshift/api/config/v1/feature_gates.go b/vendor/github.com/openshift/api/config/v1/feature_gates.go index 07f03f6184..364b1df935 100644 --- a/vendor/github.com/openshift/api/config/v1/feature_gates.go +++ b/vendor/github.com/openshift/api/config/v1/feature_gates.go 
@@ -183,16 +183,6 @@ var ( OwningProduct: ocpSpecific, } - FeatureGateAWSSecurityTokenService = FeatureGateName("AWSSecurityTokenService") - awsSecurityTokenService = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateAWSSecurityTokenService, - }, - OwningJiraComponent: "cloud-credential-operator", - ResponsiblePerson: "abutcher", - OwningProduct: ocpSpecific, - } - FeatureGateMaxUnavailableStatefulSet = FeatureGateName("MaxUnavailableStatefulSet") maxUnavailableStatefulSet = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ diff --git a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml index 4266122b04..63da9aa412 100644 --- a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml 
@@ -474,3 +474,492 @@ tests: type: FooBar type: OpenStack expectedStatusError: "status.platformStatus.openstack.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\"" + - name: Should not be able to update cloudControllerManager state to empty string when state is already set to None + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: None + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platformStatus: + external: + cloudControllerManager: + state: "" + expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" + - name: Should not be able to update cloudControllerManager state to External when state is already set to None + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: None + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: External + expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" + - name: Should be able to update cloudControllerManager state to None when state is already set to None + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: None + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + 
cloudControllerManager: + state: None + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: HighlyAvailable + infrastructureTopology: HighlyAvailable + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: None + - name: Should not be able to unset cloudControllerManager state when state is already set to None + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: None + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: {} + expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" + - name: Should not be able to update cloudControllerManager state to empty string when state is already set to External + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: External + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: "" + expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" + - name: Should not be able to update cloudControllerManager state to None when state is already set to External + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: External + updated: | + apiVersion: 
config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: None + expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" + - name: Should be able to update cloudControllerManager state to External when state is already set to External + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: External + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: External + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: HighlyAvailable + infrastructureTopology: HighlyAvailable + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: External + - name: Should not be able to unset cloudControllerManager state when state is already set to External + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: External + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: {} + expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" + - name: Should not be able to update cloudControllerManager state to None when state is already set to empty string + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + 
platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: "" + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: None + expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" + - name: Should not be able to update cloudControllerManager state to External when state is already set to empty string + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: "" + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: External + expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" + - name: Should be able to update cloudControllerManager state to empty string when state is already set to empty string + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: "" + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: "" + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: HighlyAvailable + infrastructureTopology: HighlyAvailable + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: "" + - name: Should not be able to unset cloudControllerManager state when 
state is already set to empty string + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: "" + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: {} + expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" + - name: Should be able to update cloudControllerManager state to None when cloudControllerManager state is unset + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: None + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: HighlyAvailable + infrastructureTopology: HighlyAvailable + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: None + - name: Should be able to update cloudControllerManager state to empty string when cloudControllerManager state is unset + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: "" + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + 
controlPlaneTopology: HighlyAvailable + infrastructureTopology: HighlyAvailable + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: "" + - name: Should not be able to update cloudControllerManager state to External when cloudControllerManager state is unset + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: External + expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" + - name: Should be able to unset cloudControllerManager state when cloudControllerManager state is unset + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: {} + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: HighlyAvailable + infrastructureTopology: HighlyAvailable + platform: External + platformStatus: + type: External + external: + cloudControllerManager: {} + - name: Should not be able to add cloudControllerManager when cloudControllerManager is unset + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + 
platformStatus: + type: External + external: + cloudControllerManager: + state: External + expectedStatusError: " status.platformStatus.external: Invalid value: \"object\": cloudControllerManager may not be added or removed once set" + - name: Should not be able to remove cloudControllerManager when cloudControllerManager is set + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: + cloudControllerManager: + state: External + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: External + platformStatus: + type: External + external: {} + expectedStatusError: " status.platformStatus.external: Invalid value: \"object\": cloudControllerManager may not be added or removed once set" diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml index 546f392f76..7834e1f841 100644 --- a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml 
@@ -211,454 +211,309 @@ tests: type: FooBar type: BareMetal expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\"" - - name: Should not be able to update cloudControllerManager state to empty string when state is already set to None + - name: Should not be able to modify an existing GCP ResourceLabels Label initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: None + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: + platform: GCP platformStatus: - external: - cloudControllerManager: - state: "" - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should not be able to update cloudControllerManager state to External when state is already set to None + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add a Label to an existing GCP ResourceLabels initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: None + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + 
platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: External - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should be able to update cloudControllerManager state to None when state is already set to None + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to remove a Label from an existing GCP ResourceLabels initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: None + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: None - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - - name: Should not be able to unset cloudControllerManager state when state is already set to None - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - 
cloudControllerManager: {} - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should not be able to update cloudControllerManager state to empty string when state is already set to External - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should not be able to update cloudControllerManager state to None when state is already set to External - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should be able to update cloudControllerManager state to External when state is already set to External + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 
kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: External + type: GCP + gcp: {} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: External - - name: Should not be able to unset cloudControllerManager state when state is already set to External + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: External + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: {} - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should not be able to update cloudControllerManager state to None when state is already set to empty string + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - 
name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" + status: {} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: None - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should not be able to update cloudControllerManager state to External when state is already set to empty string + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "openshift-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" + status: {} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: External - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should be able to update cloudControllerManager state to empty string when state is already set to empty string + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "kubernetes-io-created-cluster", value: "true"} + 
expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not be able to modify an existing GCP ResourceTags Tag initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: "" + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: "" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - - name: Should not be able to unset cloudControllerManager state when state is already set to empty string + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add a Tag to an existing GCP ResourceTags initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: "" + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} updated: | apiVersion: 
config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: {} - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should be able to update cloudControllerManager state to None when cloudControllerManager state is unset + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + - {parentID: "test-project-123", key: "new", value: "tag"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to remove a Tag from an existing GCP ResourceTags initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: {} + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + - {parentID: "test-project-123", key: "key2", value: "value2"} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: None - - name: Should be able to update cloudControllerManager state to empty string when cloudControllerManager state is unset + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: 
\"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: {} + type: GCP + gcp: {} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: "" - - name: Should not be able to update cloudControllerManager state to External when cloudControllerManager state is unset + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: {} + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: - state: External - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should be able to unset 
cloudControllerManager state when cloudControllerManager state is unset + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags initial: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: {} + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} updated: | apiVersion: config.openshift.io/v1 kind: Infrastructure spec: {} status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: External + platform: GCP platformStatus: - type: External - external: - cloudControllerManager: {} + type: GCP + gcp: + resourceTags: + - {parentID: "test-project-123", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 234720477b..888a9658ac 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go 
@@ -247,7 +247,7 @@ const (
 )
 // ClusterVersionCapability enumerates optional, core cluster components.
-// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI
+// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig
 type ClusterVersionCapability string
 const (
@@ -313,6 +313,23 @@ const (
 // documentation. This is important part of openshift system
 // and may cause cluster damage
 ClusterVersionCapabilityMachineAPI ClusterVersionCapability = "MachineAPI"
+
+ // ClusterVersionCapabilityBuild manages the Build API which is responsible
+ // for watching the Build API objects and managing their lifecycle.
+ // The functionality is located under openshift-apiserver and openshift-controller-manager.
+ //
+ // The following resources are taken into account:
+ // - builds
+ // - buildconfigs
+ ClusterVersionCapabilityBuild ClusterVersionCapability = "Build"
+
+ // ClusterVersionCapabilityDeploymentConfig manages the DeploymentConfig API
+ // which is responsible for watching the DeploymentConfig API and managing their lifecycle.
+ // The functionality is located under openshift-apiserver and openshift-controller-manager.
+ //
+ // The following resources are taken into account:
+ // - deploymentconfigs
+ ClusterVersionCapabilityDeploymentConfig ClusterVersionCapability = "DeploymentConfig"
 )
 // KnownClusterVersionCapabilities includes all known optional, core cluster components.
@@ -326,6 +343,8 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{
 ClusterVersionCapabilityCSISnapshot,
 ClusterVersionCapabilityNodeTuning,
 ClusterVersionCapabilityMachineAPI,
+ ClusterVersionCapabilityBuild,
+ ClusterVersionCapabilityDeploymentConfig,
 }
 // ClusterVersionCapabilitySet defines sets of cluster version capabilities.
@@ -404,6 +423,8 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers
 ClusterVersionCapabilityCSISnapshot,
 ClusterVersionCapabilityNodeTuning,
 ClusterVersionCapabilityMachineAPI,
+ ClusterVersionCapabilityBuild,
+ ClusterVersionCapabilityDeploymentConfig,
 },
 ClusterVersionCapabilitySetCurrent: {
 ClusterVersionCapabilityBaremetal,
@@ -415,6 +436,8 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers
 ClusterVersionCapabilityCSISnapshot,
 ClusterVersionCapabilityNodeTuning,
 ClusterVersionCapabilityMachineAPI,
+ ClusterVersionCapabilityBuild,
+ ClusterVersionCapabilityDeploymentConfig,
 },
 }
diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go
index e7d5e49d65..88835ae531 100644
--- a/vendor/github.com/openshift/api/config/v1/types_feature.go
+++ b/vendor/github.com/openshift/api/config/v1/types_feature.go
@@ -165,7 +165,6 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{
 TechPreviewNoUpgrade: newDefaultFeatures().
 with(externalCloudProvider).
 with(externalCloudProviderGCP).
- with(externalCloudProviderExternal).
 with(csiDriverSharedResource).
 with(buildCSIVolumes).
 with(nodeSwap).
@@ -175,7 +174,6 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{
 with(pdbUnhealthyPodEvictionPolicy).
 with(dynamicResourceAllocation).
 with(admissionWebhookMatchConditions).
- with(awsSecurityTokenService).
 with(azureWorkloadIdentity).
 with(gateGatewayAPI).
 with(maxUnavailableStatefulSet).
@@ -198,6 +196,7 @@ var defaultFeatures = &FeatureGateEnabledDisabled{
 alibabaPlatform, // This is a bug, it should be TechPreviewNoUpgrade. This must be downgraded before 4.14 is shipped.
 cloudDualStackNodeIPs,
 externalCloudProviderAzure,
+ externalCloudProviderExternal,
 privateHostedZoneAWS,
 },
 Disabled: []FeatureGateDescription{
diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
index c9f69b31b6..6c791ee8c8 100644
--- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
+++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
@@ -349,11 +349,11 @@ type CloudControllerManagerStatus struct {
 }
 // ExternalPlatformStatus holds the current status of the generic External infrastructure provider.
+// +kubebuilder:validation:XValidation:rule="has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager)",message="cloudControllerManager may not be added or removed once set"
 type ExternalPlatformStatus struct {
 // cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI).
 // When omitted, new nodes will be not tainted
 // and no extra initialization from the cloud controller manager is expected.
- // +openshift:enable:FeatureSets=TechPreviewNoUpgrade
 // +optional
 CloudControllerManager CloudControllerManagerStatus `json:"cloudControllerManager"`
 }
@@ -580,12 +580,93 @@ const (
 type GCPPlatformSpec struct{}
 // GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.
+// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)",message="resourceLabels may only be configured during installation"
+// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)",message="resourceTags may only be configured during installation"
 type GCPPlatformStatus struct {
 // resourceGroupName is the Project ID for new GCP resources created for the cluster.
 ProjectID string `json:"projectID"`
 // region holds the region for new GCP resources created for the cluster.
 Region string `json:"region"`
+
+ // resourceLabels is a list of additional labels to apply to GCP resources created for the cluster.
+ // See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources.
+ // GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use,
+ // allowing 32 labels for user configuration.
+ // +kubebuilder:validation:MaxItems=32
+ // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceLabels are immutable and may only be configured during installation"
+ // +listType=map
+ // +listMapKey=key
+ // +optional
+ // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade
+ ResourceLabels []GCPResourceLabel `json:"resourceLabels,omitempty"`
+
+ // resourceTags is a list of additional tags to apply to GCP resources created for the cluster.
+ // See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on
+ // tagging GCP resources. GCP supports a maximum of 50 tags per resource.
+ // +kubebuilder:validation:MaxItems=50
+ // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceTags are immutable and may only be configured during installation"
+ // +listType=map
+ // +listMapKey=key
+ // +optional
+ // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade
+ ResourceTags []GCPResourceTag `json:"resourceTags,omitempty"`
+}
+
+// GCPResourceLabel is a label to apply to GCP resources created for the cluster.
+type GCPResourceLabel struct {
+ // key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty.
+ // Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters,
+ // and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io`
+ // and `openshift-io`.
+ // +kubebuilder:validation:XValidation:rule="!self.startsWith('openshift-io') && !self.startsWith('kubernetes-io')",message="label keys must not start with either `openshift-io` or `kubernetes-io`"
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-z][0-9a-z_-]+$`
+ Key string `json:"key"`
+
+ // value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty.
+ // Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[0-9a-z_-]+$`
+ Value string `json:"value"`
+}
+
+// GCPResourceTag is a tag to apply to GCP resources created for the cluster.
+type GCPResourceTag struct {
+ // parentID is the ID of the hierarchical resource where the tags are defined,
+ // e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages:
+ // https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id,
+ // https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects.
+ // An OrganizationID must consist of decimal numbers, and cannot have leading zeroes.
+ // A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers,
+ // and hyphens, and must start with a letter, and cannot end with a hyphen.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=32
+ // +kubebuilder:validation:Pattern=`(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)`
+ ParentID string `json:"parentID"`
+
+ // key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty.
+ // Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ // alphanumeric characters, and the following special characters `._-`.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$`
+ Key string `json:"key"`
+
+ // value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty.
+ // Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ // alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.
+ // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$` + Value string `json:"value"` } // BareMetalPlatformLoadBalancer defines the load balancer used by the cluster on BareMetal platform. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 5738354605..44d7428e6c 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -2137,6 +2137,16 @@ func (in *GCPPlatformSpec) DeepCopy() *GCPPlatformSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { *out = *in + if in.ResourceLabels != nil { + in, out := &in.ResourceLabels, &out.ResourceLabels + *out = make([]GCPResourceLabel, len(*in)) + copy(*out, *in) + } + if in.ResourceTags != nil { + in, out := &in.ResourceTags, &out.ResourceTags + *out = make([]GCPResourceTag, len(*in)) + copy(*out, *in) + } return } 
@@ -2150,6 +2160,38 @@ func (in *GCPPlatformStatus) DeepCopy() *GCPPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPResourceLabel) DeepCopyInto(out *GCPResourceLabel) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPResourceLabel. +func (in *GCPResourceLabel) DeepCopy() *GCPResourceLabel { + if in == nil { + return nil + } + out := new(GCPResourceLabel) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPResourceTag) DeepCopyInto(out *GCPResourceTag) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPResourceTag. +func (in *GCPResourceTag) DeepCopy() *GCPResourceTag { + if in == nil { + return nil + } + out := new(GCPResourceTag) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericAPIServerConfig) DeepCopyInto(out *GenericAPIServerConfig) { *out = *in @@ -4335,7 +4377,7 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { if in.GCP != nil { in, out := &in.GCP, &out.GCP *out = new(GCPPlatformStatus) - **out = **in + (*in).DeepCopyInto(*out) } if in.BareMetal != nil { in, out := &in.BareMetal, &out.BareMetal diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index f84e44573b..33ec922375 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -1237,15 +1237,38 @@ func (GCPPlatformSpec) SwaggerDoc() map[string]string { } var map_GCPPlatformStatus = map[string]string{ - "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", - "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", - "region": "region holds the region for new GCP resources created for the cluster.", + "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", + "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", + "region": "region holds the region for new GCP resources created for the cluster.", + "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", + "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", } func (GCPPlatformStatus) SwaggerDoc() map[string]string { return map_GCPPlatformStatus } +var map_GCPResourceLabel = map[string]string{ + "": "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", + "key": "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`.", + "value": "value is the value part of the label. 
A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.", +} + +func (GCPResourceLabel) SwaggerDoc() map[string]string { + return map_GCPResourceLabel +} + +var map_GCPResourceTag = map[string]string{ + "": "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", + "parentID": "parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", + "key": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", + "value": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", +} + +func (GCPResourceTag) SwaggerDoc() map[string]string { + return map_GCPResourceTag +} + var map_IBMCloudPlatformSpec = map[string]string{ "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", } 
diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consoleclidownload.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consoleclidownload.crd.yaml
similarity index 100%
rename from vendor/github.com/openshift/api/console/v1/0000_10_consoleclidownload.crd.yaml
rename to vendor/github.com/openshift/api/console/v1/00_consoleclidownload.crd.yaml
diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consoleexternalloglink.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consoleexternalloglink.crd.yaml
similarity index 100%
rename from vendor/github.com/openshift/api/console/v1/0000_10_consoleexternalloglink.crd.yaml
rename to vendor/github.com/openshift/api/console/v1/00_consoleexternalloglink.crd.yaml
diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consolelink.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consolelink.crd.yaml
similarity index 100%
rename from vendor/github.com/openshift/api/console/v1/0000_10_consolelink.crd.yaml
rename to vendor/github.com/openshift/api/console/v1/00_consolelink.crd.yaml
diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consolenotification.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consolenotification.crd.yaml
similarity index 100%
rename from vendor/github.com/openshift/api/console/v1/0000_10_consolenotification.crd.yaml
rename to vendor/github.com/openshift/api/console/v1/00_consolenotification.crd.yaml
diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consolequickstart.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consolequickstart.crd.yaml
similarity index 100%
rename from vendor/github.com/openshift/api/console/v1/0000_10_consolequickstart.crd.yaml
rename to vendor/github.com/openshift/api/console/v1/00_consolequickstart.crd.yaml
diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consolesample.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consolesample.crd.yaml
similarity index 100%
rename from vendor/github.com/openshift/api/console/v1/0000_10_consolesample.crd.yaml
rename to vendor/github.com/openshift/api/console/v1/00_consolesample.crd.yaml
diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consoleyamlsample.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consoleyamlsample.crd.yaml
similarity index 100%
rename from vendor/github.com/openshift/api/console/v1/0000_10_consoleyamlsample.crd.yaml
rename to vendor/github.com/openshift/api/console/v1/00_consoleyamlsample.crd.yaml
diff --git a/vendor/github.com/openshift/api/console/v1/0000_10_consoleplugin.crd.yaml b/vendor/github.com/openshift/api/console/v1/90_consoleplugin.crd.yaml
similarity index 100%
rename from vendor/github.com/openshift/api/console/v1/0000_10_consoleplugin.crd.yaml
rename to vendor/github.com/openshift/api/console/v1/90_consoleplugin.crd.yaml
diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml
index 0f1b27db92..8faef369b3 100644
--- a/vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml
+++ b/vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml
@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Stable] ConsoleCLIDownload"
-crd: 0000_10_consoleclidownload.crd.yaml
+crd: 00_consoleclidownload.crd.yaml
 tests:
 onCreate:
 - name: Should be able to create a minimal ConsoleCLIDownload
diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml
index 76846597f9..8602d88b8e 100644
--- a/vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml
+++ b/vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml
@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Stable] ConsoleExternalLogLink"
-crd: 0000_10_consoleexternalloglink.crd.yaml
+crd: 00_consoleexternalloglink.crd.yaml
 tests:
 onCreate:
 - name: Should be able to create a minimal ConsoleExternalLogLink
diff --git a/vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml
index 9ab5596427..87415ec163 100644
--- a/vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml
+++ b/vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml
@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Stable] ConsoleLink"
-crd: 0000_10_consolelink.crd.yaml
+crd: 00_consolelink.crd.yaml
 tests:
 onCreate:
 - name: Should be able to create a minimal ConsoleLink
diff --git a/vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml
index ade1c6ac69..c60dd0a64e 100644
--- a/vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml
+++ b/vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml
@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Stable] ConsoleNotification"
-crd: 0000_10_consolenotification.crd.yaml
+crd: 00_consolenotification.crd.yaml
 tests:
 onCreate:
 - name: Should be able to create a minimal ConsoleNotification
diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml
index 627cea6f38..0abe23ba7a 100644
--- a/vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml
+++ b/vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml
@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Stable] ConsolePlugin"
-crd: 0000_10_consoleplugin.crd.yaml
+crd: 90_consoleplugin.crd.yaml
 tests:
 onCreate:
 - name: Should be able to create a minimal ConsolePlugin
diff --git a/vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml
index b5a403be59..d9c3ec93f4 100644
--- a/vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml
+++ b/vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml
@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Stable] ConsoleQuickStart"
-crd: 0000_10_consolequickstart.crd.yaml
+crd: 00_consolequickstart.crd.yaml
 tests:
 onCreate:
 - name: Should be able to create a minimal ConsoleQuickStart
diff --git a/vendor/github.com/openshift/api/console/v1/stable.consolesample.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consolesample.testsuite.yaml
index 8929fa9eb4..f5af743603 100644
--- a/vendor/github.com/openshift/api/console/v1/stable.consolesample.testsuite.yaml
+++ b/vendor/github.com/openshift/api/console/v1/stable.consolesample.testsuite.yaml
@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Stable] ConsoleSample"
-crd: 0000_10_consolesample.crd.yaml
+crd: 00_consolesample.crd.yaml
 tests:
 onCreate:
 - name: Should be able to create a minimal ConsoleSample with GitImport
diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml
index 661c48fe07..1e72d5ac71 100644
--- a/vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml
+++ b/vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml
@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Stable] ConsoleYAMLSample"
-crd: 0000_10_consoleyamlsample.crd.yaml
+crd: 00_consoleyamlsample.crd.yaml
 tests:
 onCreate:
 - name: Should be able to create a minimal ConsoleYAMLSample
diff --git a/vendor/github.com/openshift/api/console/v1alpha1/0000_10_consoleplugin.crd.yaml b/vendor/github.com/openshift/api/console/v1alpha1/90_consoleplugin.crd.yaml
similarity index 100%
rename from vendor/github.com/openshift/api/console/v1alpha1/0000_10_consoleplugin.crd.yaml
rename to vendor/github.com/openshift/api/console/v1alpha1/90_consoleplugin.crd.yaml
diff --git a/vendor/github.com/openshift/api/console/v1alpha1/stable.consoleplugin.testsuite.yaml b/vendor/github.com/openshift/api/console/v1alpha1/stable.consoleplugin.testsuite.yaml
index 138e8f6fa5..d861a65434 100644
--- a/vendor/github.com/openshift/api/console/v1alpha1/stable.consoleplugin.testsuite.yaml
+++ b/vendor/github.com/openshift/api/console/v1alpha1/stable.consoleplugin.testsuite.yaml
@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Stable] ConsolePlugin"
-crd: 0000_10_consoleplugin.crd.yaml
+crd: 90_consoleplugin.crd.yaml
 tests:
 onCreate:
 - name: Should be able to create a minimal ConsolePlugin
diff --git a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml
index 00b5311a0f..699621ec49 100644
--- a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml
+++ b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml
@@ -261,7 +261,8 @@ spec: rootVolume: description: rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created. type: object - minProperties: 1 + required: + - volumeType properties: availabilityZone: description: availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits. @@ -270,7 +271,7 @@ spec: minLength: 1 pattern: ^[^ ]*$ volumeType: - description: volumeType specifies the type of the root volume that will be provisioned. If not specifified, the root volume will be created as the type in the machine template. The maximum length of a volume type name is 255 characters, as per the OpenStack limit. + description: volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit. type: string maxLength: 255 minLength: 1 
diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml index e5759f4b06..a09de51e0f 100644 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml +++ b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml @@ -213,6 +213,7 @@ tests: openstack: - rootVolume: availabilityZone: foo + volumeType: fast expected: | apiVersion: machine.openshift.io/v1 kind: ControlPlaneMachineSet @@ -240,6 +241,7 @@ tests: openstack: - rootVolume: availabilityZone: foo + volumeType: fast - name: Should accept an OpenStack failure domain with only the root volume type provided initial: | apiVersion: machine.openshift.io/v1 @@ -316,6 +318,7 @@ tests: - availabilityZone: foo rootVolume: availabilityZone: foo + volumeType: fast expected: | apiVersion: machine.openshift.io/v1 kind: ControlPlaneMachineSet @@ -344,6 +347,7 @@ tests: - availabilityZone: foo rootVolume: availabilityZone: foo + volumeType: fast - name: Should accept an OpenStack failure domain with both availabilityZone and root volume type provided initial: | apiVersion: machine.openshift.io/v1 @@ -399,7 +403,7 @@ tests: rootVolume: availabilityZone: foo volumeType: bar - - name: Should reject an OpenStack failure domain with too long a rootVolume volumeType name + - name: Should reject an OpenStack failure domain with no rootVolume volumeType provided initial: | apiVersion: machine.openshift.io/v1 kind: ControlPlaneMachineSet 
@@ -421,11 +425,35 @@ tests: failureDomains: platform: OpenStack openstack: - - availabilityZone: foo - rootVolume: - volumeType: a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Too long: may not be longer than 255" - - name: Should reject an OpenStack failure domain with an empty rootVolume provided + - rootVolume: + availabilityZone: foo + expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Required value, : Invalid value: \"null\": some validation rules were not checked" + - name: Should reject an OpenStack failure domain with an empty rootVolume volumeType provided + initial: | + apiVersion: machine.openshift.io/v1 + kind: ControlPlaneMachineSet + spec: + selector: + matchLabels: + machine.openshift.io/cluster-api-machine-role: master + machine.openshift.io/cluster-api-machine-type: master + template: + machineType: machines_v1beta1_machine_openshift_io + machines_v1beta1_machine_openshift_io: + metadata: + labels: + machine.openshift.io/cluster-api-machine-role: master + machine.openshift.io/cluster-api-machine-type: master + machine.openshift.io/cluster-api-cluster: cluster + spec: + providerSpec: {} + failureDomains: + platform: OpenStack + openstack: + - rootVolume: + volumeType: "" + expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Invalid value: \"\": spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType in body should be at least 1 chars long" + - name: Should reject an OpenStack failure domain with too long a rootVolume volumeType name initial: | 
apiVersion: machine.openshift.io/v1 kind: ControlPlaneMachineSet @@ -448,8 +476,9 @@ tests: platform: OpenStack openstack: - availabilityZone: foo - rootVolume: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume in body should have at least 1 properties" + rootVolume: + volumeType: a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 + expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Too long: may not be longer than 255" - name: Should reject an OpenStack failure domain with both availabilityZone and root volume provided but with missing root volume availabilityZone initial: | apiVersion: machine.openshift.io/v1 @@ -549,6 +578,7 @@ tests: openstack: - rootVolume: availabilityZone: "" + volumeType: fast expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.availabilityZone in body should be at least 1 chars long" - name: Should reject an OpenStack failure domain with an invalid availabilityZone provided initial: | @@ -598,4 +628,5 @@ tests: openstack: - rootVolume: availabilityZone: "foo bar" + volumeType: fast expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.availabilityZone in body should match" diff --git a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go index b31e0e5486..9f81f4d103 100644 --- a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go +++ b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go 
@@ -325,7 +325,6 @@ type OpenStackFailureDomain struct { // RootVolume represents the volume metadata to boot from. // The original RootVolume struct is defined in the v1alpha1 but it's not best practice to use it directly here so we define a new one // that should stay in sync with the original one. -// +kubebuilder:validation:MinProperties:=1 type RootVolume struct { // availabilityZone specifies the Cinder availability zone where the root volume will be created. // If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. @@ -343,12 +342,16 @@ type RootVolume struct { AvailabilityZone string `json:"availabilityZone,omitempty"` // volumeType specifies the type of the root volume that will be provisioned. - // If not specifified, the root volume will be created as the type in the machine template. // The maximum length of a volume type name is 255 characters, as per the OpenStack limit. + // + --- + // + Historically, the installer has always required a volume type to be specified when deploying + // + the control plane with a root volume. This is because the default volume type in Cinder is not guaranteed + // + to be available, therefore we prefer the user to be explicit about the volume type to use. + // + We apply the same logic in CPMS: if the failure domain specifies a root volume, we require the user to specify a volume type. + // +kubebuilder:validation:Required // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=255 - // +optional - VolumeType string `json:"volumeType,omitempty"` + VolumeType string `json:"volumeType"` } // ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD. diff --git a/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go index 01269a67d1..03f4f8267c 100644 
--- a/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go 
@@ -287,7 +287,7 @@ func (OpenStackFailureDomain) SwaggerDoc() map[string]string { var map_RootVolume = map[string]string{ "": "RootVolume represents the volume metadata to boot from. The original RootVolume struct is defined in the v1alpha1 but it's not best practice to use it directly here so we define a new one that should stay in sync with the original one.", "availabilityZone": "availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", - "volumeType": "volumeType specifies the type of the root volume that will be provisioned. If not specifified, the root volume will be created as the type in the machine template. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.", + "volumeType": "volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit. ", } func (RootVolume) SwaggerDoc() map[string]string { 
diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml index 9c391d4a56..4ff57e35a3 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml 
@@ -261,6 +261,130 @@ spec: httpHeaders: description: "httpHeaders defines policy for HTTP headers. \n If this field is empty, the default values are used." properties: + actions: + description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.' 
+ properties: + request: + description: 'request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".' + items: + description: IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + properties: + set: + description: set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise. + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action to be applied on the header. 
Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + response: + description: 'response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".' + items: + description: IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + properties: + set: + description: set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise. + properties: + value: + description: value specifies a header value. Dynamic values can be added. 
The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' 
+ maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + type: object forwardedHeaderPolicy: description: "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. 
The value may be one of the following: \n * \"Append\", which specifies that the IngressController appends the headers, preserving existing headers. \n * \"Replace\", which specifies that the IngressController sets the headers, replacing any existing Forwarded or X-Forwarded-* headers. \n * \"IfNone\", which specifies that the IngressController sets the headers if they are not already set. \n * \"Never\", which specifies that the IngressController never sets the headers, preserving any existing headers. \n By default, the policy is \"Append\"." enum: diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml similarity index 100% rename from vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml rename to vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml diff --git a/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml index 158c96ad4b..065d490e45 100644 --- a/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml +++ b/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Stable] Console" -crd: 0000_70_console-operator.crd.yaml +crd: 00_console-operator.crd.yaml tests: onCreate: - name: Should be able to create a minimal Console diff --git a/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml index 01d02ce096..903d8e60c5 100644 --- a/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml +++ b/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml 
@@ -13,3 +13,466 @@ tests: kind: IngressController spec: httpEmptyRequestsPolicy: Respond + - name: Should be able to create an IngressController with valid Actions + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + 
type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + - name: Should not allow to set/delete HSTS header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: Strict-Transport-Security + action: + type: Delete + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "strict-transport-security header may not be modified via header actions" + - name: Should not allow to set/delete Proxy header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Proxy + action: + type: Set + set: + value: example.xyz + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "proxy header may not be modified via header actions" + - name: Should not allow to set/delete Host header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Host + action: + type: Set + set: + value: example.xyz + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "host header may not be modified via header actions" + - name: Should not allow to set/delete cookie header. 
+ initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Cookie + action: + type: Set + set: + value: "PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1" + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "cookie header may not be modified via header actions" + - name: Should not allow to set/delete set-cookie header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: Set-Cookie + action: + type: Set + set: + value: "sessionId=e8bb43229de9; Domain=foo.example.com" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "set-cookie header may not be modified via header actions" + - name: Should not allow to set/delete dynamic headers with unclosed braces. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-unclosed-braces + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + - name: expires + action: + type: Set + set: + value: "%[req.hdr(host),lower" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic response header values with not allowed sample fetchers. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Target + action: + type: Set + set: + value: "%[req.hdrs(host),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow empty value in response. 
+ initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should not allow empty value in request. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-Frame-Options + action: + type: Set + set: + value: + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.request[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should not allow to set dynamic response header values with not allowed converters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Source + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,bogus]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values containing sample fetcher res.hdr. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-Target + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic response headers value containing sample fetcher req.hdr. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Source + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values with not allowed converters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,hello]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values with not allowed sample fetchers. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der1234,base64]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should be required to specify the set field when the discriminant type is Set. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + expectedError: "set is required when type is Set, and forbidden otherwise" + - name: Should be able to add set field only when discriminant type is Set. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + set: + value: DENY + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.type: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 13d020420c..3d9f512a93 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go 
@@ -1399,6 +1399,144 @@ type IngressControllerHTTPHeaders struct { // +nullable // +optional HeaderNameCaseAdjustments []IngressControllerHTTPHeaderNameCaseAdjustment `json:"headerNameCaseAdjustments,omitempty"` + + // actions specifies options for modifying headers and their values. + // Note that this option only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). Headers cannot be modified for TLS passthrough + // connections. + // Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` + // may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in + // accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + // Any actions defined here are applied after any actions related to the following other fields: + // cache-control, spec.clientTLS, + // spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + // and spec.httpHeaders.headerNameCaseAdjustments. + // In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + // the actions specified in the IngressController's spec.httpHeaders.actions field. + // In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + // executed after the actions specified in the Route's spec.httpHeaders.actions field. + // Headers set using this API cannot be captured for use in access logs. + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. 
Please refer to the documentation + // for that API field for more details. + // +optional + Actions IngressControllerHTTPHeaderActions `json:"actions,omitempty"` +} + +// IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers. +type IngressControllerHTTPHeaderActions struct { + // response is a list of HTTP response headers to modify. + // Actions defined here will modify the response headers of all requests passing through an ingress controller. + // These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + // IngressController actions for response headers will be executed after Route actions. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 response header actions may be configured. + // Sample fetchers allowed are "res.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. 
Converters allowed are lower, base64." + Response []IngressControllerHTTPHeader `json:"response"` + // request is a list of HTTP request headers to modify. + // Actions defined here will modify the request headers of all requests passing through an ingress controller. + // These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + // IngressController actions for request headers will be executed before Route actions. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 request header actions may be configured. + // Sample fetchers allowed are "req.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. 
Converters allowed are lower, base64." + Request []IngressControllerHTTPHeader `json:"request"` +} + +// IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. +type IngressControllerHTTPHeader struct { + // name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + // name as defined in RFC 2616 section 4.2. + // The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + // It must be no more than 255 characters in length. + // Header name must be unique. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'strict-transport-security'",message="strict-transport-security header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'proxy'",message="proxy header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'host'",message="host header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'cookie'",message="cookie header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'set-cookie'",message="set-cookie header may not be modified via header actions" + Name string `json:"name"` + // action specifies actions to perform on headers, such as setting or deleting headers. + // +kubebuilder:validation:Required + Action IngressControllerHTTPHeaderActionUnion `json:"action"` +} + +// IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header. 
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Set' ? has(self.set) : !has(self.set)",message="set is required when type is Set, and forbidden otherwise" +// +union +type IngressControllerHTTPHeaderActionUnion struct { + // type defines the type of the action to be applied on the header. + // Possible values are Set or Delete. + // Set allows you to set HTTP request and response headers. + // Delete allows you to delete HTTP request and response headers. + // +unionDiscriminator + // +kubebuilder:validation:Enum:=Set;Delete + // +kubebuilder:validation:Required + Type IngressControllerHTTPHeaderActionType `json:"type"` + + // set specifies how the HTTP header should be set. + // This field is required when type is Set and forbidden otherwise. + // +optional + // +unionMember + Set *IngressControllerSetHTTPHeader `json:"set,omitempty"` +} + +// IngressControllerHTTPHeaderActionType defines actions that can be performed on HTTP headers. +type IngressControllerHTTPHeaderActionType string + +const ( + // Set specifies that an HTTP header should be set. + Set IngressControllerHTTPHeaderActionType = "Set" + // Delete specifies that an HTTP header should be deleted. + Delete IngressControllerHTTPHeaderActionType = "Delete" +) + +// IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header. +type IngressControllerSetHTTPHeader struct { + // value specifies a header value. + // Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + // http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + // otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + // The value of this field must be no more than 16384 characters in length. 
+ // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. + // + --- + // + Note: This limit was selected as most common web servers have a limit of 16384 characters or some lower limit. + // + See . + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=16384 + Value string `json:"value"` } // IngressControllerTuningOptions specifies options for tuning the performance diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index b72d5296fb..3f47cd4416 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go 
@@ -1867,6 +1867,74 @@ func (in *IngressControllerCaptureHTTPHeaders) DeepCopy() *IngressControllerCapt return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeader) DeepCopyInto(out *IngressControllerHTTPHeader) { + *out = *in + in.Action.DeepCopyInto(&out.Action) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeader. +func (in *IngressControllerHTTPHeader) DeepCopy() *IngressControllerHTTPHeader { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeaderActionUnion) DeepCopyInto(out *IngressControllerHTTPHeaderActionUnion) { + *out = *in + if in.Set != nil { + in, out := &in.Set, &out.Set + *out = new(IngressControllerSetHTTPHeader) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeaderActionUnion. +func (in *IngressControllerHTTPHeaderActionUnion) DeepCopy() *IngressControllerHTTPHeaderActionUnion { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeaderActionUnion) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IngressControllerHTTPHeaderActions) DeepCopyInto(out *IngressControllerHTTPHeaderActions) { + *out = *in + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = make([]IngressControllerHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]IngressControllerHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeaderActions. +func (in *IngressControllerHTTPHeaderActions) DeepCopy() *IngressControllerHTTPHeaderActions { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeaderActions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerHTTPHeaders) DeepCopyInto(out *IngressControllerHTTPHeaders) { *out = *in @@ -1876,6 +1944,7 @@ func (in *IngressControllerHTTPHeaders) DeepCopyInto(out *IngressControllerHTTPH *out = make([]IngressControllerHTTPHeaderNameCaseAdjustment, len(*in)) copy(*out, *in) } + in.Actions.DeepCopyInto(&out.Actions) return } 
@@ -1959,6 +2028,22 @@ func (in *IngressControllerLogging) DeepCopy() *IngressControllerLogging { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerSetHTTPHeader) DeepCopyInto(out *IngressControllerSetHTTPHeader) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerSetHTTPHeader. +func (in *IngressControllerSetHTTPHeader) DeepCopy() *IngressControllerSetHTTPHeader { + if in == nil { + return nil + } + out := new(IngressControllerSetHTTPHeader) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerSpec) DeepCopyInto(out *IngressControllerSpec) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 0336ec25b0..d10bbd51f2 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -850,11 +850,42 @@ func (IngressControllerCaptureHTTPHeaders) SwaggerDoc() map[string]string { return map_IngressControllerCaptureHTTPHeaders } +var map_IngressControllerHTTPHeader = map[string]string{ + "": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "name": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + "action": "action specifies actions to perform on headers, such as setting or deleting headers.", +} + +func (IngressControllerHTTPHeader) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeader +} + +var map_IngressControllerHTTPHeaderActionUnion = map[string]string{ + "": "IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + "type": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + "set": "set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.", +} + +func (IngressControllerHTTPHeaderActionUnion) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeaderActionUnion +} + +var map_IngressControllerHTTPHeaderActions = map[string]string{ + "": "IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + "response": "response is a list of HTTP response headers to modify. 
Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", + "request": "request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". ", +} + +func (IngressControllerHTTPHeaderActions) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeaderActions +} + var map_IngressControllerHTTPHeaders = map[string]string{ "": "IngressControllerHTTPHeaders specifies how the IngressController handles certain HTTP headers.", "forwardedHeaderPolicy": "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. 
The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", "uniqueId": "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests.\n\nIf this field is empty, no such header is injected into requests.", "headerNameCaseAdjustments": "headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names. Each adjustment is specified as an HTTP header name with the desired capitalization. For example, specifying \"X-Forwarded-For\" indicates that the \"x-forwarded-for\" HTTP header should be adjusted to have the specified capitalization.\n\nThese adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1.\n\nFor request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation. For response headers, these adjustments are applied to all HTTP responses.\n\nIf this field is empty, no request headers are adjusted.", + "actions": "actions specifies options for modifying headers and their values. 
Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", } func (IngressControllerHTTPHeaders) SwaggerDoc() map[string]string { 
@@ -889,6 +920,15 @@ func (IngressControllerLogging) SwaggerDoc() map[string]string { return map_IngressControllerLogging } +var map_IngressControllerSetHTTPHeader = map[string]string{ + "": "IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header.", + "value": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. ", +} + +func (IngressControllerSetHTTPHeader) SwaggerDoc() map[string]string { + return map_IngressControllerSetHTTPHeader +} + var map_IngressControllerSpec = map[string]string{ "": "IngressControllerSpec is the specification of the desired behavior of the IngressController.", "domain": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.", 
diff --git a/vendor/github.com/openshift/api/route/v1/generated.pb.go b/vendor/github.com/openshift/api/route/v1/generated.pb.go
index e7c3284895..2adcd1cc86 100644
--- a/vendor/github.com/openshift/api/route/v1/generated.pb.go
+++ b/vendor/github.com/openshift/api/route/v1/generated.pb.go
@@ -86,10 +86,122 @@ func (m *Route) XXX_DiscardUnknown() { var xxx_messageInfo_Route proto.InternalMessageInfo +func (m *RouteHTTPHeader) Reset() { *m = RouteHTTPHeader{} } +func (*RouteHTTPHeader) ProtoMessage() {} +func (*RouteHTTPHeader) Descriptor() ([]byte, []int) { + return fileDescriptor_373b8fa7ff738721, []int{2} +} +func (m *RouteHTTPHeader) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RouteHTTPHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *RouteHTTPHeader) XXX_Merge(src proto.Message) { + xxx_messageInfo_RouteHTTPHeader.Merge(m, src) +} +func (m *RouteHTTPHeader) XXX_Size() int { + return m.Size() +} +func (m *RouteHTTPHeader) XXX_DiscardUnknown() { + xxx_messageInfo_RouteHTTPHeader.DiscardUnknown(m) +} + +var xxx_messageInfo_RouteHTTPHeader proto.InternalMessageInfo + +func (m *RouteHTTPHeaderActionUnion) Reset() { *m = RouteHTTPHeaderActionUnion{} } +func (*RouteHTTPHeaderActionUnion) ProtoMessage() {} +func (*RouteHTTPHeaderActionUnion) Descriptor() ([]byte, []int) { + return fileDescriptor_373b8fa7ff738721, []int{3} +} +func (m *RouteHTTPHeaderActionUnion) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RouteHTTPHeaderActionUnion) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *RouteHTTPHeaderActionUnion) XXX_Merge(src proto.Message) { + xxx_messageInfo_RouteHTTPHeaderActionUnion.Merge(m, src) +} +func (m *RouteHTTPHeaderActionUnion) XXX_Size() int { + return m.Size() +} +func (m *RouteHTTPHeaderActionUnion) XXX_DiscardUnknown() { + xxx_messageInfo_RouteHTTPHeaderActionUnion.DiscardUnknown(m) +} + +var xxx_messageInfo_RouteHTTPHeaderActionUnion proto.InternalMessageInfo + +func (m *RouteHTTPHeaderActions) Reset() { *m = 
RouteHTTPHeaderActions{} } +func (*RouteHTTPHeaderActions) ProtoMessage() {} +func (*RouteHTTPHeaderActions) Descriptor() ([]byte, []int) { + return fileDescriptor_373b8fa7ff738721, []int{4} +} +func (m *RouteHTTPHeaderActions) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RouteHTTPHeaderActions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *RouteHTTPHeaderActions) XXX_Merge(src proto.Message) { + xxx_messageInfo_RouteHTTPHeaderActions.Merge(m, src) +} +func (m *RouteHTTPHeaderActions) XXX_Size() int { + return m.Size() +} +func (m *RouteHTTPHeaderActions) XXX_DiscardUnknown() { + xxx_messageInfo_RouteHTTPHeaderActions.DiscardUnknown(m) +} + +var xxx_messageInfo_RouteHTTPHeaderActions proto.InternalMessageInfo + +func (m *RouteHTTPHeaders) Reset() { *m = RouteHTTPHeaders{} } +func (*RouteHTTPHeaders) ProtoMessage() {} +func (*RouteHTTPHeaders) Descriptor() ([]byte, []int) { + return fileDescriptor_373b8fa7ff738721, []int{5} +} +func (m *RouteHTTPHeaders) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RouteHTTPHeaders) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *RouteHTTPHeaders) XXX_Merge(src proto.Message) { + xxx_messageInfo_RouteHTTPHeaders.Merge(m, src) +} +func (m *RouteHTTPHeaders) XXX_Size() int { + return m.Size() +} +func (m *RouteHTTPHeaders) XXX_DiscardUnknown() { + xxx_messageInfo_RouteHTTPHeaders.DiscardUnknown(m) +} + +var xxx_messageInfo_RouteHTTPHeaders proto.InternalMessageInfo + func (m *RouteIngress) Reset() { *m = RouteIngress{} } func (*RouteIngress) ProtoMessage() {} func (*RouteIngress) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{2} + return fileDescriptor_373b8fa7ff738721, []int{6} 
} func (m *RouteIngress) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -117,7 +229,7 @@ var xxx_messageInfo_RouteIngress proto.InternalMessageInfo func (m *RouteIngressCondition) Reset() { *m = RouteIngressCondition{} } func (*RouteIngressCondition) ProtoMessage() {} func (*RouteIngressCondition) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{3} + return fileDescriptor_373b8fa7ff738721, []int{7} } func (m *RouteIngressCondition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -145,7 +257,7 @@ var xxx_messageInfo_RouteIngressCondition proto.InternalMessageInfo func (m *RouteList) Reset() { *m = RouteList{} } func (*RouteList) ProtoMessage() {} func (*RouteList) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{4} + return fileDescriptor_373b8fa7ff738721, []int{8} } func (m *RouteList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -173,7 +285,7 @@ var xxx_messageInfo_RouteList proto.InternalMessageInfo func (m *RoutePort) Reset() { *m = RoutePort{} } func (*RoutePort) ProtoMessage() {} func (*RoutePort) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{5} + return fileDescriptor_373b8fa7ff738721, []int{9} } func (m *RoutePort) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -198,10 +310,38 @@ func (m *RoutePort) XXX_DiscardUnknown() { var xxx_messageInfo_RoutePort proto.InternalMessageInfo +func (m *RouteSetHTTPHeader) Reset() { *m = RouteSetHTTPHeader{} } +func (*RouteSetHTTPHeader) ProtoMessage() {} +func (*RouteSetHTTPHeader) Descriptor() ([]byte, []int) { + return fileDescriptor_373b8fa7ff738721, []int{10} +} +func (m *RouteSetHTTPHeader) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RouteSetHTTPHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *RouteSetHTTPHeader) XXX_Merge(src proto.Message) { + xxx_messageInfo_RouteSetHTTPHeader.Merge(m, src) +} +func (m *RouteSetHTTPHeader) XXX_Size() int { + return m.Size() +} +func (m *RouteSetHTTPHeader) XXX_DiscardUnknown() { + xxx_messageInfo_RouteSetHTTPHeader.DiscardUnknown(m) +} + +var xxx_messageInfo_RouteSetHTTPHeader proto.InternalMessageInfo + func (m *RouteSpec) Reset() { *m = RouteSpec{} } func (*RouteSpec) ProtoMessage() {} func (*RouteSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{6} + return fileDescriptor_373b8fa7ff738721, []int{11} } func (m *RouteSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -229,7 +369,7 @@ var xxx_messageInfo_RouteSpec proto.InternalMessageInfo func (m *RouteStatus) Reset() { *m = RouteStatus{} } func (*RouteStatus) ProtoMessage() {} func (*RouteStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{7} + return fileDescriptor_373b8fa7ff738721, []int{12} } func (m *RouteStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -257,7 +397,7 @@ var xxx_messageInfo_RouteStatus proto.InternalMessageInfo func (m *RouteTargetReference) Reset() { *m = RouteTargetReference{} } func (*RouteTargetReference) ProtoMessage() {} func (*RouteTargetReference) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{8} + return fileDescriptor_373b8fa7ff738721, []int{13} } func (m *RouteTargetReference) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -285,7 +425,7 @@ var xxx_messageInfo_RouteTargetReference proto.InternalMessageInfo func (m *RouterShard) Reset() { *m = RouterShard{} } func (*RouterShard) ProtoMessage() {} func (*RouterShard) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{9} + return fileDescriptor_373b8fa7ff738721, []int{14} } func (m *RouterShard) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -313,7 +453,7 @@ var xxx_messageInfo_RouterShard proto.InternalMessageInfo func (m *TLSConfig) Reset() { *m = TLSConfig{} } func (*TLSConfig) ProtoMessage() {} func (*TLSConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_373b8fa7ff738721, []int{10} + return fileDescriptor_373b8fa7ff738721, []int{15} } func (m *TLSConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -341,10 +481,15 @@ var xxx_messageInfo_TLSConfig proto.InternalMessageInfo func init() { proto.RegisterType((*LocalObjectReference)(nil), "github.com.openshift.api.route.v1.LocalObjectReference") proto.RegisterType((*Route)(nil), "github.com.openshift.api.route.v1.Route") + proto.RegisterType((*RouteHTTPHeader)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeader") + proto.RegisterType((*RouteHTTPHeaderActionUnion)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaderActionUnion") + proto.RegisterType((*RouteHTTPHeaderActions)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaderActions") + proto.RegisterType((*RouteHTTPHeaders)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaders") proto.RegisterType((*RouteIngress)(nil), "github.com.openshift.api.route.v1.RouteIngress") proto.RegisterType((*RouteIngressCondition)(nil), "github.com.openshift.api.route.v1.RouteIngressCondition") proto.RegisterType((*RouteList)(nil), "github.com.openshift.api.route.v1.RouteList") proto.RegisterType((*RoutePort)(nil), "github.com.openshift.api.route.v1.RoutePort") + proto.RegisterType((*RouteSetHTTPHeader)(nil), "github.com.openshift.api.route.v1.RouteSetHTTPHeader") proto.RegisterType((*RouteSpec)(nil), "github.com.openshift.api.route.v1.RouteSpec") proto.RegisterType((*RouteStatus)(nil), "github.com.openshift.api.route.v1.RouteStatus") proto.RegisterType((*RouteTargetReference)(nil), "github.com.openshift.api.route.v1.RouteTargetReference") 
@@ -357,84 +502,96 @@ func init() { } var fileDescriptor_373b8fa7ff738721 = []byte{ - // 1217 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x57, 0xcf, 0x92, 0xd3, 0xc6, - 0x13, 0x5e, 0xd9, 0xde, 0x3f, 0x1e, 0x03, 0xbf, 0x1f, 0x03, 0x04, 0x43, 0x15, 0x36, 0xe8, 0x90, - 0x82, 0x14, 0x91, 0xb2, 0x1b, 0x92, 0x50, 0x95, 0xca, 0x01, 0x2d, 0x14, 0x59, 0x30, 0x0b, 0x35, - 0x76, 0x85, 0x0a, 0xc5, 0x21, 0xb3, 0xd2, 0x58, 0x9e, 0xac, 0x3d, 0xa3, 0xcc, 0x8c, 0x81, 0xbd, - 0xa4, 0xa8, 0xe4, 0x05, 0xc8, 0xdb, 0xe4, 0x9e, 0x0b, 0x47, 0x8e, 0x9c, 0x5c, 0x59, 0xe7, 0x98, - 0x37, 0xd8, 0x53, 0x6a, 0x46, 0x63, 0x49, 0xf6, 0xda, 0x60, 0x92, 0x9b, 0xd5, 0xfd, 0x7d, 0x5f, - 0xf7, 0x74, 0xb7, 0x7a, 0x64, 0xb0, 0x19, 0x53, 0xd5, 0x1b, 0xee, 0x79, 0x21, 0x1f, 0xf8, 0x3c, - 0x21, 0x4c, 0xf6, 0x68, 0x57, 0xf9, 0x38, 0xa1, 0xbe, 0xe0, 0x43, 0x45, 0xfc, 0x67, 0x9b, 0x7e, - 0x4c, 0x18, 0x11, 0x58, 0x91, 0xc8, 0x4b, 0x04, 0x57, 0x1c, 0x5e, 0xc9, 0x29, 0x5e, 0x46, 0xf1, - 0x70, 0x42, 0x3d, 0x43, 0xf1, 0x9e, 0x6d, 0x5e, 0xfc, 0xb4, 0xa0, 0x1a, 0xf3, 0x98, 0xfb, 0x86, - 0xb9, 0x37, 0xec, 0x9a, 0x27, 0xf3, 0x60, 0x7e, 0xa5, 0x8a, 0x17, 0xdd, 0xfd, 0x9b, 0xd2, 0xa3, - 0xdc, 0x84, 0x0d, 0xb9, 0x98, 0x17, 0xf5, 0xe2, 0x8d, 0x1c, 0x33, 0xc0, 0x61, 0x8f, 0x32, 0x22, - 0x0e, 0xfc, 0x64, 0x3f, 0xd6, 0x06, 0xe9, 0x0f, 0x88, 0xc2, 0xf3, 0x58, 0x5f, 0x2e, 0x62, 0x89, - 0x21, 0x53, 0x74, 0x40, 0x7c, 0x19, 0xf6, 0xc8, 0x00, 0x1f, 0xe3, 0x7d, 0xbe, 0x88, 0x37, 0x54, - 0xb4, 0xef, 0x53, 0xa6, 0xa4, 0x12, 0xb3, 0x24, 0xf7, 0x26, 0x38, 0xdb, 0xe2, 0x21, 0xee, 0x3f, - 0xdc, 0xfb, 0x91, 0x84, 0x0a, 0x91, 0x2e, 0x11, 0x84, 0x85, 0x04, 0x5e, 0x06, 0x15, 0x86, 0x07, - 0xa4, 0xee, 0x5c, 0x76, 0xae, 0x56, 0x83, 0x13, 0xaf, 0x47, 0xcd, 0x95, 0xf1, 0xa8, 0x59, 0xd9, - 0xc5, 0x03, 0x82, 0x8c, 0xc7, 0xfd, 0xad, 0x04, 0x56, 0x91, 0x2e, 0x1e, 0xfc, 0x01, 0x6c, 0xe8, - 0xb3, 0x44, 0x58, 0x61, 0x83, 0xaf, 0x6d, 0x7d, 0xe6, 0xa5, 0xb9, 0x78, 0xc5, 0x5c, 0xbc, 0x64, - 
0x3f, 0xd6, 0x06, 0xe9, 0x69, 0xb4, 0xf7, 0x6c, 0xd3, 0x4b, 0x83, 0x3e, 0x20, 0x0a, 0x07, 0xd0, - 0x46, 0x00, 0xb9, 0x0d, 0x65, 0xaa, 0x70, 0x17, 0x54, 0x64, 0x42, 0xc2, 0x7a, 0xc9, 0xa8, 0x5f, - 0xf7, 0xde, 0xdb, 0x4d, 0xcf, 0x64, 0xd6, 0x4e, 0x48, 0x98, 0xe7, 0xae, 0x9f, 0x90, 0xd1, 0x81, - 0xdf, 0x81, 0x35, 0xa9, 0xb0, 0x1a, 0xca, 0x7a, 0xd9, 0x28, 0x7a, 0x4b, 0x2b, 0x1a, 0x56, 0x70, - 0xca, 0x6a, 0xae, 0xa5, 0xcf, 0xc8, 0xaa, 0xb9, 0xbf, 0x96, 0xc1, 0x09, 0x83, 0xdb, 0x61, 0xb1, - 0x20, 0x52, 0xea, 0x32, 0xf6, 0xb8, 0x54, 0xb3, 0x65, 0xfc, 0x96, 0x4b, 0x85, 0x8c, 0x07, 0x6e, - 0x01, 0x60, 0x42, 0x08, 0x5d, 0x5a, 0x73, 0xc0, 0x6a, 0x5e, 0x0c, 0x94, 0x79, 0x50, 0x01, 0x05, - 0xfb, 0x00, 0x84, 0x9c, 0x45, 0x54, 0x51, 0xce, 0xf4, 0x11, 0xca, 0x57, 0x6b, 0x5b, 0x37, 0x97, - 0x3d, 0x82, 0x4d, 0x6d, 0x7b, 0x22, 0x90, 0x47, 0xcb, 0x4c, 0x12, 0x15, 0xf4, 0x61, 0x07, 0x9c, - 0x7a, 0x4e, 0xfb, 0x51, 0x88, 0x45, 0xf4, 0x88, 0xf7, 0x69, 0x78, 0x50, 0xaf, 0x98, 0x2c, 0xaf, - 0x5b, 0xde, 0xa9, 0xc7, 0x53, 0xde, 0xa3, 0x51, 0x13, 0x4e, 0x5b, 0x3a, 0x07, 0x09, 0x41, 0x33, - 0x1a, 0xf0, 0x7b, 0x70, 0x3e, 0x3d, 0xd1, 0x36, 0x66, 0x9c, 0xd1, 0x10, 0xf7, 0x75, 0x51, 0xcc, - 0xcc, 0xad, 0x1a, 0xf9, 0xa6, 0x95, 0x3f, 0x8f, 0xe6, 0xc3, 0xd0, 0x22, 0xbe, 0xfb, 0x77, 0x09, - 0x9c, 0x9b, 0x7b, 0x54, 0xf8, 0x0d, 0xa8, 0xa8, 0x83, 0x64, 0x32, 0xd5, 0xd7, 0x26, 0xed, 0xd0, - 0x09, 0x1e, 0x8d, 0x9a, 0x17, 0xe6, 0x92, 0x4c, 0xf6, 0x86, 0x06, 0x5b, 0xd9, 0xd8, 0xa4, 0x7d, - 0xba, 0x31, 0x3d, 0x06, 0x47, 0xa3, 0xe6, 0x9c, 0xad, 0xe0, 0x65, 0x4a, 0xd3, 0xc3, 0x02, 0x3f, - 0x06, 0x6b, 0x82, 0x60, 0xc9, 0x99, 0x19, 0xc2, 0x6a, 0x3e, 0x54, 0xc8, 0x58, 0x91, 0xf5, 0xc2, - 0x6b, 0x60, 0x7d, 0x40, 0xa4, 0xc4, 0x31, 0xb1, 0x85, 0xff, 0x9f, 0x05, 0xae, 0x3f, 0x48, 0xcd, - 0x68, 0xe2, 0x87, 0x02, 0xc0, 0x3e, 0x96, 0xaa, 0x23, 0x30, 0x93, 0x69, 0xf2, 0xd4, 0xd6, 0xb3, - 0xb6, 0xf5, 0xc9, 0x72, 0xef, 0xa4, 0x66, 0x04, 0x1f, 0x8d, 0x47, 0x4d, 0xd8, 0x3a, 0xa6, 0x84, - 0xe6, 0xa8, 0xbb, 0xbf, 0x3b, 0xa0, 
0x6a, 0x0a, 0xd7, 0xa2, 0x52, 0xc1, 0xa7, 0xc7, 0x76, 0x81, - 0xb7, 0x5c, 0x5c, 0xcd, 0x36, 0x9b, 0xe0, 0xff, 0xf6, 0x74, 0x1b, 0x13, 0x4b, 0x61, 0x0f, 0x3c, - 0x00, 0xab, 0x54, 0x91, 0x81, 0xae, 0xbf, 0x9e, 0xf9, 0xab, 0xcb, 0xce, 0x7c, 0x70, 0xd2, 0x8a, - 0xae, 0xee, 0x68, 0x3a, 0x4a, 0x55, 0xdc, 0x9f, 0x6c, 0xe6, 0x8f, 0xb8, 0x50, 0x30, 0x02, 0x40, - 0x61, 0x11, 0x13, 0xa5, 0x9f, 0xde, 0xbb, 0xc7, 0xf4, 0x4e, 0xf5, 0xd2, 0x9d, 0xea, 0xed, 0x30, - 0xf5, 0x50, 0xb4, 0x95, 0xa0, 0x2c, 0xce, 0x5f, 0xa6, 0x4e, 0xa6, 0x85, 0x0a, 0xba, 0xee, 0x1f, - 0x15, 0x1b, 0x53, 0x6f, 0xa3, 0x25, 0xd6, 0x83, 0x0f, 0xaa, 0x72, 0xb8, 0x17, 0xf1, 0x01, 0xa6, - 0xac, 0xbe, 0x61, 0x60, 0xa7, 0x2d, 0xac, 0xda, 0x9e, 0x38, 0x50, 0x8e, 0xd1, 0x92, 0x09, 0x56, - 0x3d, 0x3b, 0xa1, 0x99, 0xe4, 0x23, 0xac, 0x7a, 0xc8, 0x78, 0x60, 0x1b, 0x94, 0x14, 0xb7, 0x8b, - 0xef, 0xab, 0x65, 0x2b, 0x98, 0x1e, 0x27, 0xbb, 0x1f, 0x02, 0x60, 0x85, 0x4b, 0x1d, 0x8e, 0x4a, - 0x8a, 0xc3, 0x97, 0x0e, 0x38, 0x8d, 0xfb, 0x8a, 0x08, 0x86, 0x15, 0x09, 0x70, 0xb8, 0x4f, 0x58, - 0x24, 0xeb, 0x15, 0xd3, 0xa6, 0x7f, 0x1d, 0xe4, 0x82, 0x0d, 0x72, 0xfa, 0xd6, 0xac, 0x32, 0x3a, - 0x1e, 0x0c, 0xde, 0x03, 0x95, 0x44, 0xb7, 0x6e, 0xf5, 0xc3, 0x2e, 0x09, 0xdd, 0x96, 0x60, 0xc3, - 0xd4, 0x48, 0x37, 0xcb, 0x68, 0xc0, 0xbb, 0xa0, 0xac, 0xfa, 0xb2, 0xbe, 0xb6, 0xb4, 0x54, 0xa7, - 0xd5, 0xde, 0xe6, 0xac, 0x4b, 0xe3, 0x60, 0x7d, 0x3c, 0x6a, 0x96, 0x3b, 0xad, 0x36, 0xd2, 0x0a, - 0x73, 0x96, 0xe7, 0xfa, 0x7f, 0x5f, 0x9e, 0x2e, 0x05, 0xb5, 0xc2, 0x75, 0x04, 0x9f, 0x80, 0x75, - 0x9a, 0x6e, 0xad, 0xba, 0x63, 0x2a, 0xee, 0x7f, 0xe0, 0x65, 0x90, 0xaf, 0x14, 0x6b, 0x40, 0x13, - 0x41, 0xf7, 0x67, 0x70, 0x76, 0x5e, 0x6f, 0xf4, 0x9c, 0xed, 0x53, 0x16, 0xcd, 0x8e, 0xee, 0x7d, - 0xca, 0x22, 0x64, 0x3c, 0xd9, 0x27, 0x44, 0x69, 0xd1, 0x27, 0x04, 0x74, 0xc1, 0xda, 0x73, 0x42, - 0xe3, 0x9e, 0x32, 0xd3, 0xb8, 0x1a, 0x00, 0xbd, 0xfd, 0x1e, 0x1b, 0x0b, 0xb2, 0x1e, 0x97, 0xdb, - 0xa3, 0x8a, 0x76, 0x0f, 0x8b, 0xc8, 0xbc, 0x0f, 0xfa, 0xc7, 0x6e, 0xfe, 
0x71, 0x92, 0xbf, 0x0f, - 0x13, 0x07, 0xca, 0x31, 0x9a, 0x10, 0x31, 0xd9, 0x1e, 0x76, 0xbb, 0xf4, 0x85, 0x4d, 0x25, 0x23, - 0xdc, 0xde, 0x6d, 0xa7, 0x0e, 0x94, 0x63, 0xdc, 0xc3, 0x0a, 0xa8, 0x66, 0xdd, 0x84, 0xf7, 0x41, - 0x4d, 0x11, 0x31, 0xa0, 0x0c, 0xeb, 0x85, 0x37, 0x73, 0x71, 0xd4, 0x3a, 0xb9, 0x4b, 0x77, 0xae, - 0xd3, 0x6a, 0x17, 0x2c, 0xa6, 0x73, 0x45, 0x36, 0xfc, 0x02, 0xd4, 0x42, 0x22, 0x14, 0xed, 0xd2, - 0x10, 0xab, 0x49, 0x61, 0xce, 0x4c, 0xc4, 0xb6, 0x73, 0x17, 0x2a, 0xe2, 0xe0, 0x25, 0x50, 0xde, - 0x27, 0x07, 0xf6, 0x96, 0xa8, 0x59, 0x78, 0xf9, 0x3e, 0x39, 0x40, 0xda, 0x0e, 0xbf, 0x06, 0x27, - 0x43, 0x5c, 0x20, 0xdb, 0x5b, 0xe2, 0x9c, 0x05, 0x9e, 0xdc, 0xbe, 0x55, 0x54, 0x9e, 0xc6, 0xc2, - 0xa7, 0xa0, 0x1e, 0x11, 0xa9, 0x6c, 0x86, 0x53, 0x50, 0x7b, 0x0f, 0x5f, 0xb6, 0x3a, 0xf5, 0xdb, - 0x0b, 0x70, 0x68, 0xa1, 0x02, 0x7c, 0xe5, 0x80, 0x4b, 0x94, 0x49, 0x12, 0x0e, 0x05, 0xb9, 0x13, - 0xc5, 0xa4, 0x50, 0x1d, 0xfb, 0x36, 0xac, 0x99, 0x18, 0xf7, 0x6c, 0x8c, 0x4b, 0x3b, 0xef, 0x02, - 0x1f, 0x8d, 0x9a, 0x57, 0xde, 0x09, 0x30, 0x15, 0x7f, 0x77, 0x40, 0xf8, 0x8b, 0x03, 0xce, 0x90, - 0x17, 0x66, 0x77, 0xf4, 0x8b, 0x87, 0x5d, 0x5f, 0x7a, 0x1f, 0xce, 0xfb, 0x5e, 0x0e, 0xce, 0x8f, - 0x47, 0xcd, 0x33, 0x77, 0x8e, 0xeb, 0xa2, 0x79, 0xc1, 0x82, 0xbb, 0xaf, 0x0f, 0x1b, 0x2b, 0x6f, - 0x0e, 0x1b, 0x2b, 0x6f, 0x0f, 0x1b, 0x2b, 0x2f, 0xc7, 0x0d, 0xe7, 0xf5, 0xb8, 0xe1, 0xbc, 0x19, - 0x37, 0x9c, 0xb7, 0xe3, 0x86, 0xf3, 0xe7, 0xb8, 0xe1, 0xbc, 0xfa, 0xab, 0xb1, 0xf2, 0xe4, 0xca, - 0x7b, 0xff, 0xe7, 0xfc, 0x13, 0x00, 0x00, 0xff, 0xff, 0x0c, 0xcd, 0xe6, 0xca, 0x0b, 0x0d, 0x00, - 0x00, + // 1420 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x58, 0xdd, 0x6e, 0x13, 0xc7, + 0x17, 0xcf, 0xc6, 0x76, 0x1c, 0x8f, 0xf9, 0x1c, 0xbe, 0x4c, 0x24, 0x6c, 0xd8, 0xbf, 0xf4, 0x17, + 0x54, 0x74, 0xdd, 0x04, 0x68, 0x41, 0x15, 0x17, 0x6c, 0x40, 0x10, 0x30, 0x21, 0x1a, 0xbb, 0xa0, + 0x22, 0x2a, 0x75, 0xb2, 0x3b, 0xb6, 0xa7, 0xb1, 0x67, 
0x97, 0x99, 0x71, 0x20, 0x37, 0x15, 0x6a, + 0x5f, 0x80, 0xde, 0xf6, 0x15, 0xaa, 0xde, 0xf7, 0x11, 0xb8, 0xe4, 0x92, 0xde, 0x58, 0x8d, 0x7b, + 0xd9, 0x37, 0xc8, 0x55, 0x35, 0xb3, 0xe3, 0xdd, 0xb5, 0x63, 0x13, 0x07, 0xf5, 0xce, 0x7b, 0xce, + 0xf9, 0xfd, 0xce, 0xc7, 0x9c, 0x39, 0x67, 0x12, 0xb0, 0xdc, 0xa2, 0xb2, 0xdd, 0xdb, 0x74, 0xbc, + 0xa0, 0x5b, 0x0d, 0x42, 0xc2, 0x44, 0x9b, 0x36, 0x65, 0x15, 0x87, 0xb4, 0xca, 0x83, 0x9e, 0x24, + 0xd5, 0xed, 0xe5, 0x6a, 0x8b, 0x30, 0xc2, 0xb1, 0x24, 0xbe, 0x13, 0xf2, 0x40, 0x06, 0xf0, 0x52, + 0x02, 0x71, 0x62, 0x88, 0x83, 0x43, 0xea, 0x68, 0x88, 0xb3, 0xbd, 0xbc, 0xf4, 0x79, 0x8a, 0xb5, + 0x15, 0xb4, 0x82, 0xaa, 0x46, 0x6e, 0xf6, 0x9a, 0xfa, 0x4b, 0x7f, 0xe8, 0x5f, 0x11, 0xe3, 0x92, + 0xbd, 0x75, 0x53, 0x38, 0x34, 0xd0, 0x6e, 0xbd, 0x80, 0x4f, 0xf2, 0xba, 0x74, 0x3d, 0xb1, 0xe9, + 0x62, 0xaf, 0x4d, 0x19, 0xe1, 0x3b, 0xd5, 0x70, 0xab, 0xa5, 0x04, 0xa2, 0xda, 0x25, 0x12, 0x4f, + 0x42, 0x7d, 0x39, 0x0d, 0xc5, 0x7b, 0x4c, 0xd2, 0x2e, 0xa9, 0x0a, 0xaf, 0x4d, 0xba, 0x78, 0x1f, + 0xee, 0xda, 0x34, 0x5c, 0x4f, 0xd2, 0x4e, 0x95, 0x32, 0x29, 0x24, 0x1f, 0x07, 0xd9, 0x37, 0xc1, + 0xe9, 0x5a, 0xe0, 0xe1, 0xce, 0x93, 0xcd, 0x1f, 0x88, 0x27, 0x11, 0x69, 0x12, 0x4e, 0x98, 0x47, + 0xe0, 0x45, 0x90, 0x65, 0xb8, 0x4b, 0x4a, 0xd6, 0x45, 0xeb, 0x72, 0xc1, 0x3d, 0xf2, 0xae, 0x5f, + 0x99, 0x1b, 0xf4, 0x2b, 0xd9, 0x75, 0xdc, 0x25, 0x48, 0x6b, 0xec, 0x5f, 0xe6, 0x41, 0x0e, 0xa9, + 0xe2, 0xc1, 0xef, 0xc1, 0xa2, 0xca, 0xc5, 0xc7, 0x12, 0x6b, 0xfb, 0xe2, 0xca, 0x17, 0x4e, 0x14, + 0x8b, 0x93, 0x8e, 0xc5, 0x09, 0xb7, 0x5a, 0x4a, 0x20, 0x1c, 0x65, 0xed, 0x6c, 0x2f, 0x3b, 0x91, + 0xd3, 0xc7, 0x44, 0x62, 0x17, 0x1a, 0x0f, 0x20, 0x91, 0xa1, 0x98, 0x15, 0xae, 0x83, 0xac, 0x08, + 0x89, 0x57, 0x9a, 0xd7, 0xec, 0x57, 0x9d, 0x03, 0x4f, 0xd3, 0xd1, 0x91, 0xd5, 0x43, 0xe2, 0x25, + 0xb1, 0xab, 0x2f, 0xa4, 0x79, 0xe0, 0x53, 0xb0, 0x20, 0x24, 0x96, 0x3d, 0x51, 0xca, 0x68, 0x46, + 0x67, 0x66, 0x46, 0x8d, 0x72, 0x8f, 0x19, 0xce, 0x85, 0xe8, 0x1b, 0x19, 0x36, 0xfb, 0x57, 
0x0b, + 0x1c, 0xd7, 0x76, 0x0f, 0x1a, 0x8d, 0x8d, 0x07, 0x04, 0xfb, 0x84, 0x1f, 0x5c, 0x49, 0x48, 0xc0, + 0x02, 0xf6, 0x24, 0x0d, 0x98, 0xc9, 0xef, 0xf6, 0xac, 0xd1, 0x24, 0x5e, 0xee, 0x68, 0xfc, 0x37, + 0x8c, 0x06, 0x2c, 0x09, 0x2e, 0x12, 0x22, 0x43, 0x6e, 0xff, 0x6e, 0x81, 0xa5, 0xe9, 0x30, 0x78, + 0x1b, 0x64, 0xe5, 0x4e, 0x38, 0x8c, 0xf3, 0xca, 0x30, 0xce, 0xc6, 0x4e, 0x48, 0xf6, 0xfa, 0x95, + 0xf3, 0x13, 0x91, 0x4a, 0x89, 0x34, 0x0c, 0x6e, 0x80, 0x8c, 0x20, 0xd2, 0x64, 0x70, 0x63, 0xe6, + 0x7a, 0x12, 0x99, 0x70, 0xba, 0xf9, 0x41, 0xbf, 0x92, 0xa9, 0x13, 0x89, 0x14, 0x95, 0xfd, 0xa7, + 0x05, 0xce, 0x4e, 0xf4, 0x2a, 0x54, 0xc7, 0x71, 0x22, 0xc2, 0x80, 0x09, 0x15, 0x6f, 0xe6, 0x72, + 0x71, 0x65, 0xe5, 0xf0, 0x35, 0x73, 0x4f, 0x98, 0x1c, 0x17, 0x91, 0xe1, 0x42, 0x31, 0x2b, 0xfc, + 0x0e, 0xe4, 0x39, 0x79, 0xd9, 0x23, 0x42, 0xa5, 0xf4, 0xa9, 0x0e, 0x8e, 0x1b, 0x07, 0x79, 0x14, + 0x51, 0xa1, 0x21, 0xa7, 0xfd, 0x1a, 0x9c, 0x18, 0x33, 0x16, 0xd0, 0x07, 0xf9, 0xe8, 0xa4, 0x84, + 0xb9, 0x45, 0xb7, 0x3e, 0xb5, 0x0f, 0x44, 0xe2, 0xd9, 0x08, 0xd0, 0x90, 0xda, 0xfe, 0x39, 0x03, + 0x8e, 0x68, 0xd0, 0x1a, 0x6b, 0x71, 0x22, 0x84, 0xea, 0xcf, 0x76, 0x20, 0xe4, 0x78, 0x7f, 0x3e, + 0x08, 0x84, 0x44, 0x5a, 0x03, 0x57, 0x00, 0xd0, 0xfe, 0xb8, 0xea, 0x59, 0x7d, 0xc2, 0x85, 0xe4, + 0xbe, 0xa2, 0x58, 0x83, 0x52, 0x56, 0xb0, 0x03, 0x80, 0x17, 0x30, 0x9f, 0x46, 0xf9, 0x64, 0x74, + 0x09, 0x6f, 0xce, 0x9a, 0x8f, 0x09, 0x6d, 0x75, 0x48, 0x90, 0x78, 0x8b, 0x45, 0x02, 0xa5, 0xf8, + 0x61, 0x03, 0x1c, 0x7b, 0x45, 0x3b, 0xbe, 0x87, 0xb9, 0xbf, 0x11, 0x74, 0xa8, 0xb7, 0x53, 0xca, + 0xea, 0x28, 0xaf, 0x1a, 0xdc, 0xb1, 0x67, 0x23, 0xda, 0xbd, 0x7e, 0x05, 0x8e, 0x4a, 0x74, 0x23, + 0x8f, 0x71, 0xc0, 0x6f, 0xc1, 0xb9, 0x28, 0xa3, 0x55, 0xcc, 0x02, 0x46, 0x3d, 0xdc, 0x51, 0x45, + 0xd1, 0x97, 0x39, 0xa7, 0xe9, 0x2b, 0x86, 0xfe, 0x1c, 0x9a, 0x6c, 0x86, 0xa6, 0xe1, 0xed, 0x7f, + 0xe6, 0xc1, 0x99, 0x89, 0xa9, 0xce, 0x74, 0x0d, 0xc7, 0x41, 0xa9, 0x6b, 0x58, 0x8b, 0x27, 0x5b, + 0x74, 0x4e, 0xd7, 0x47, 0x27, 
0xd5, 0x5e, 0xbf, 0x32, 0x61, 0x71, 0x39, 0x31, 0xd3, 0xe8, 0x3c, + 0x83, 0xff, 0x07, 0x0b, 0x9c, 0x60, 0x11, 0x30, 0x3d, 0x27, 0x0b, 0xc9, 0x68, 0x41, 0x5a, 0x8a, + 0x8c, 0x16, 0x5e, 0x01, 0xf9, 0x2e, 0x11, 0x02, 0xb7, 0x88, 0x29, 0x7c, 0xdc, 0x7f, 0x8f, 0x23, + 0x31, 0x1a, 0xea, 0x21, 0x07, 0xb0, 0x83, 0x85, 0x6c, 0x70, 0xcc, 0x44, 0x14, 0x3c, 0x35, 0xf5, + 0x2c, 0xae, 0x7c, 0x36, 0xdb, 0xda, 0x50, 0x08, 0xf7, 0xec, 0xa0, 0x5f, 0x81, 0xb5, 0x7d, 0x4c, + 0x68, 0x02, 0xbb, 0xfd, 0x87, 0x05, 0x0a, 0xba, 0x70, 0x35, 0x2a, 0x24, 0x7c, 0xb1, 0x6f, 0x5d, + 0x39, 0xb3, 0xf9, 0x55, 0x68, 0xbd, 0xac, 0xe2, 0xc1, 0x31, 0x94, 0xa4, 0x56, 0xd5, 0x63, 0x90, + 0xa3, 0x92, 0x74, 0x85, 0x19, 0x1b, 0x97, 0x67, 0xed, 0x79, 0xf7, 0xa8, 0x21, 0xcd, 0xad, 0x29, + 0x38, 0x8a, 0x58, 0xec, 0x97, 0x26, 0xf2, 0x8d, 0x80, 0x4b, 0xe8, 0x03, 0x20, 0x31, 0x6f, 0x11, + 0xa9, 0xbe, 0x0e, 0x5c, 0xb5, 0x6a, 0xed, 0x3b, 0xd1, 0xda, 0x77, 0xd6, 0x98, 0x7c, 0xc2, 0xeb, + 0x92, 0x53, 0xd6, 0x4a, 0x2e, 0x53, 0x23, 0xe6, 0x42, 0x29, 0x5e, 0xfb, 0x16, 0x80, 0xfb, 0x67, + 0x33, 0xfc, 0x1f, 0xc8, 0x6d, 0xe3, 0x4e, 0x6f, 0xd8, 0x98, 0x71, 0xb4, 0x4f, 0x95, 0x10, 0x45, + 0x3a, 0xfb, 0xb7, 0x9c, 0x09, 0x57, 0xed, 0xda, 0x19, 0x26, 0x4b, 0x15, 0x14, 0x44, 0x6f, 0xd3, + 0x0f, 0xba, 0x98, 0xb2, 0xd2, 0xa2, 0x36, 0x3b, 0x69, 0xcc, 0x0a, 0xf5, 0xa1, 0x02, 0x25, 0x36, + 0x8a, 0x32, 0xc4, 0xb2, 0x6d, 0x9a, 0x3b, 0xa6, 0xdc, 0xc0, 0xb2, 0x8d, 0xb4, 0x06, 0xd6, 0xc1, + 0xbc, 0x0c, 0xcc, 0x5a, 0xff, 0x6a, 0xd6, 0xe2, 0x47, 0x95, 0x88, 0x5f, 0x3f, 0x2e, 0x30, 0xc4, + 0xf3, 0x8d, 0x00, 0xcd, 0xcb, 0x00, 0xbe, 0xb1, 0xc0, 0x49, 0xdc, 0x91, 0x84, 0x33, 0x2c, 0x89, + 0x8b, 0xbd, 0x2d, 0xc2, 0x7c, 0x51, 0xca, 0xea, 0x13, 0xfe, 0x64, 0x27, 0xe7, 0x8d, 0x93, 0x93, + 0x77, 0xc6, 0x99, 0xd1, 0x7e, 0x67, 0xf0, 0x21, 0xc8, 0x86, 0xea, 0xd4, 0x73, 0x87, 0x7b, 0x02, + 0xa9, 0x13, 0x75, 0x17, 0x75, 0x8d, 0xd4, 0x39, 0x6b, 0x0e, 0x78, 0x1f, 0x64, 0x64, 0x47, 0x94, + 0x16, 0x66, 0xa6, 0x6a, 0xd4, 0xea, 0xab, 0x01, 0x6b, 0xd2, 0x56, 
0xb4, 0xa2, 0x1b, 0xb5, 0x3a, + 0x52, 0x0c, 0x13, 0xe6, 0x6e, 0xfe, 0x3f, 0x98, 0xbb, 0x4d, 0x50, 0x6c, 0x4b, 0x19, 0x9a, 0xbd, + 0x58, 0x2a, 0xe8, 0x30, 0xaf, 0x1d, 0x7e, 0x19, 0x0a, 0xf7, 0xf8, 0xa0, 0x5f, 0x29, 0xa6, 0x04, + 0x28, 0x4d, 0x6c, 0x53, 0x50, 0x4c, 0x3d, 0xea, 0xe0, 0x73, 0x90, 0xa7, 0xd1, 0x60, 0x35, 0x6f, + 0x8a, 0xea, 0x21, 0xf7, 0x55, 0x32, 0xf5, 0x8c, 0x00, 0x0d, 0x09, 0xed, 0x1f, 0xc1, 0xe9, 0x49, + 0x3d, 0xa0, 0xfa, 0x79, 0x8b, 0x32, 0x7f, 0xfc, 0x8a, 0x3c, 0xa2, 0xcc, 0x47, 0x5a, 0x13, 0x3f, + 0x1f, 0xe7, 0xa7, 0x3e, 0x1f, 0x6d, 0xb0, 0xf0, 0x8a, 0xd0, 0x56, 0x5b, 0xea, 0xae, 0xcf, 0xb9, + 0x40, 0x0d, 0xe8, 0x67, 0x5a, 0x82, 0x8c, 0xc6, 0x0e, 0x4c, 0xaa, 0xbc, 0xde, 0xc6, 0xdc, 0xd7, + 0xf7, 0x4e, 0xfd, 0x58, 0x4f, 0x1e, 0xa6, 0xc9, 0xbd, 0x1b, 0x2a, 0x50, 0x62, 0xa3, 0x00, 0x3e, + 0x13, 0xf5, 0x5e, 0xb3, 0x49, 0x5f, 0x9b, 0x50, 0x62, 0xc0, 0xdd, 0xf5, 0x7a, 0xa4, 0x40, 0x89, + 0x8d, 0xbd, 0x9b, 0x05, 0x85, 0xb8, 0x6b, 0xe0, 0x23, 0x50, 0x94, 0x84, 0x77, 0x29, 0xc3, 0xfa, + 0x99, 0x3b, 0xba, 0xdb, 0x8a, 0x8d, 0x44, 0xa5, 0x3a, 0xa4, 0x51, 0xab, 0xa7, 0x24, 0xba, 0x43, + 0xd2, 0x68, 0x78, 0x03, 0x14, 0x3d, 0xc2, 0x25, 0x6d, 0x52, 0x0f, 0xcb, 0x61, 0x61, 0x4e, 0x0d, + 0xc9, 0x56, 0x13, 0x15, 0x4a, 0xdb, 0xc1, 0x0b, 0x20, 0xb3, 0x45, 0x76, 0xcc, 0x22, 0x2b, 0x1a, + 0xf3, 0xcc, 0x23, 0xb2, 0x83, 0x94, 0x1c, 0x7e, 0x0d, 0x8e, 0x7a, 0x38, 0x05, 0x36, 0x8b, 0xec, + 0x8c, 0x31, 0x3c, 0xba, 0x7a, 0x27, 0xcd, 0x3c, 0x6a, 0x0b, 0x5f, 0x80, 0x92, 0x4f, 0x84, 0x34, + 0x11, 0x8e, 0x98, 0x9a, 0xa7, 0xc2, 0x45, 0xc3, 0x53, 0xba, 0x3b, 0xc5, 0x0e, 0x4d, 0x65, 0x80, + 0x6f, 0x2d, 0x70, 0x81, 0x32, 0x41, 0xbc, 0x1e, 0x27, 0xf7, 0xfc, 0x16, 0x49, 0x55, 0xc7, 0xdc, + 0xba, 0x05, 0xed, 0xe3, 0xa1, 0xf1, 0x71, 0x61, 0xed, 0x63, 0xc6, 0x7b, 0xfd, 0xca, 0xa5, 0x8f, + 0x1a, 0xe8, 0x8a, 0x7f, 0xdc, 0x21, 0xfc, 0xc9, 0x02, 0xa7, 0xc8, 0x6b, 0x3d, 0xa3, 0x3a, 0xe9, + 0x64, 0xf3, 0x33, 0xcf, 0xdd, 0x49, 0x7f, 0x75, 0xba, 0xe7, 0x06, 0xfd, 0xca, 0xa9, 0x7b, 0xfb, + 0x79, 
0xd1, 0x24, 0x67, 0xee, 0xfd, 0x77, 0xbb, 0xe5, 0xb9, 0xf7, 0xbb, 0xe5, 0xb9, 0x0f, 0xbb, + 0xe5, 0xb9, 0x37, 0x83, 0xb2, 0xf5, 0x6e, 0x50, 0xb6, 0xde, 0x0f, 0xca, 0xd6, 0x87, 0x41, 0xd9, + 0xfa, 0x6b, 0x50, 0xb6, 0xde, 0xfe, 0x5d, 0x9e, 0x7b, 0x7e, 0xe9, 0xc0, 0xff, 0x16, 0xfc, 0x1b, + 0x00, 0x00, 0xff, 0xff, 0x62, 0x5d, 0xac, 0x2e, 0x51, 0x10, 0x00, 0x00, } func (m *LocalObjectReference) Marshal() (dAtA []byte, err error) { 
@@ -518,6 +675,168 @@ func (m *Route) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *RouteHTTPHeader) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteHTTPHeader) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteHTTPHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.Action.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *RouteHTTPHeaderActionUnion) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteHTTPHeaderActionUnion) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteHTTPHeaderActionUnion) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.Set != nil { + { + size, err := m.Set.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + i -= len(m.Type) + copy(dAtA[i:], m.Type) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Type))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *RouteHTTPHeaderActions) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != 
nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteHTTPHeaderActions) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteHTTPHeaderActions) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Request) > 0 { + for iNdEx := len(m.Request) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Request[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + if len(m.Response) > 0 { + for iNdEx := len(m.Response) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Response[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *RouteHTTPHeaders) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteHTTPHeaders) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteHTTPHeaders) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.Actions.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *RouteIngress) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) 
@@ -710,7 +1029,7 @@ func (m *RoutePort) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *RouteSpec) Marshal() (dAtA []byte, err error) { +func (m *RouteSetHTTPHeader) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) 
@@ -720,33 +1039,73 @@ func (m *RouteSpec) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *RouteSpec) MarshalTo(dAtA []byte) (int, error) { +func (m *RouteSetHTTPHeader) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *RouteSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *RouteSetHTTPHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int _ = l - i -= len(m.Subdomain) - copy(dAtA[i:], m.Subdomain) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Subdomain))) - i-- - dAtA[i] = 0x42 - i -= len(m.WildcardPolicy) - copy(dAtA[i:], m.WildcardPolicy) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.WildcardPolicy))) + i -= len(m.Value) + copy(dAtA[i:], m.Value) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Value))) i-- - dAtA[i] = 0x3a - if m.TLS != nil { - { - size, err := m.TLS.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *RouteSpec) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RouteSpec) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RouteSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.HTTPHeaders != nil { + { + size, err := m.HTTPHeaders.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x4a + } + i -= len(m.Subdomain) + copy(dAtA[i:], m.Subdomain) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Subdomain))) + i-- + dAtA[i] = 0x42 + i -= len(m.WildcardPolicy) + copy(dAtA[i:], m.WildcardPolicy) + i = encodeVarintGenerated(dAtA, i, 
uint64(len(m.WildcardPolicy))) + i-- + dAtA[i] = 0x3a + if m.TLS != nil { + { + size, err := m.TLS.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size i = encodeVarintGenerated(dAtA, i, uint64(size)) } i-- @@ -1011,6 +1370,66 @@ func (m *Route) Size() (n int) { return n } +func (m *RouteHTTPHeader) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + n += 1 + l + sovGenerated(uint64(l)) + l = m.Action.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *RouteHTTPHeaderActionUnion) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Type) + n += 1 + l + sovGenerated(uint64(l)) + if m.Set != nil { + l = m.Set.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + +func (m *RouteHTTPHeaderActions) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Response) > 0 { + for _, e := range m.Response { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.Request) > 0 { + for _, e := range m.Request { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *RouteHTTPHeaders) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.Actions.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *RouteIngress) Size() (n int) { if m == nil { return 0 @@ -1083,6 +1502,17 @@ func (m *RoutePort) Size() (n int) { return n } +func (m *RouteSetHTTPHeader) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Value) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *RouteSpec) Size() (n int) { if m == nil { return 0 @@ -1113,6 +1543,10 @@ func (m *RouteSpec) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = len(m.Subdomain) n += 1 + l + sovGenerated(uint64(l)) + if m.HTTPHeaders != nil { + l = m.HTTPHeaders.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } 
@@ -1213,6 +1647,59 @@ func (this *Route) String() string { }, "") return s } +func (this *RouteHTTPHeader) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&RouteHTTPHeader{`, + `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `Action:` + strings.Replace(strings.Replace(this.Action.String(), "RouteHTTPHeaderActionUnion", "RouteHTTPHeaderActionUnion", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} +func (this *RouteHTTPHeaderActionUnion) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&RouteHTTPHeaderActionUnion{`, + `Type:` + fmt.Sprintf("%v", this.Type) + `,`, + `Set:` + strings.Replace(this.Set.String(), "RouteSetHTTPHeader", "RouteSetHTTPHeader", 1) + `,`, + `}`, + }, "") + return s +} +func (this *RouteHTTPHeaderActions) String() string { + if this == nil { + return "nil" + } + repeatedStringForResponse := "[]RouteHTTPHeader{" + for _, f := range this.Response { + repeatedStringForResponse += strings.Replace(strings.Replace(f.String(), "RouteHTTPHeader", "RouteHTTPHeader", 1), `&`, ``, 1) + "," + } + repeatedStringForResponse += "}" + repeatedStringForRequest := "[]RouteHTTPHeader{" + for _, f := range this.Request { + repeatedStringForRequest += strings.Replace(strings.Replace(f.String(), "RouteHTTPHeader", "RouteHTTPHeader", 1), `&`, ``, 1) + "," + } + repeatedStringForRequest += "}" + s := strings.Join([]string{`&RouteHTTPHeaderActions{`, + `Response:` + repeatedStringForResponse + `,`, + `Request:` + repeatedStringForRequest + `,`, + `}`, + }, "") + return s +} +func (this *RouteHTTPHeaders) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&RouteHTTPHeaders{`, + `Actions:` + strings.Replace(strings.Replace(this.Actions.String(), "RouteHTTPHeaderActions", "RouteHTTPHeaderActions", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} func (this *RouteIngress) String() string { if this == nil { return "nil" 
@@ -1272,6 +1759,16 @@ func (this *RoutePort) String() string { }, "") return s } +func (this *RouteSetHTTPHeader) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&RouteSetHTTPHeader{`, + `Value:` + fmt.Sprintf("%v", this.Value) + `,`, + `}`, + }, "") + return s +} func (this *RouteSpec) String() string { if this == nil { return "nil" @@ -1290,6 +1787,7 @@ func (this *RouteSpec) String() string { `TLS:` + strings.Replace(this.TLS.String(), "TLSConfig", "TLSConfig", 1) + `,`, `WildcardPolicy:` + fmt.Sprintf("%v", this.WildcardPolicy) + `,`, `Subdomain:` + fmt.Sprintf("%v", this.Subdomain) + `,`, + `HTTPHeaders:` + strings.Replace(this.HTTPHeaders.String(), "RouteHTTPHeaders", "RouteHTTPHeaders", 1) + `,`, `}`, }, "") return s 
@@ -1336,27 +1834,373 @@ func (this *TLSConfig) String() string { if this == nil { return "nil" } - s := strings.Join([]string{`&TLSConfig{`, - `Termination:` + fmt.Sprintf("%v", this.Termination) + `,`, - `Certificate:` + fmt.Sprintf("%v", this.Certificate) + `,`, - `Key:` + fmt.Sprintf("%v", this.Key) + `,`, - `CACertificate:` + fmt.Sprintf("%v", this.CACertificate) + `,`, - `DestinationCACertificate:` + fmt.Sprintf("%v", this.DestinationCACertificate) + `,`, - `InsecureEdgeTerminationPolicy:` + fmt.Sprintf("%v", this.InsecureEdgeTerminationPolicy) + `,`, - `ExternalCertificate:` + strings.Replace(this.ExternalCertificate.String(), "LocalObjectReference", "LocalObjectReference", 1) + `,`, - `}`, - }, "") - return s -} -func valueToStringGenerated(v interface{}) string { - rv := reflect.ValueOf(v) - if rv.IsNil() { - return "nil" + s := strings.Join([]string{`&TLSConfig{`, + `Termination:` + fmt.Sprintf("%v", this.Termination) + `,`, + `Certificate:` + fmt.Sprintf("%v", this.Certificate) + `,`, + `Key:` + fmt.Sprintf("%v", this.Key) + `,`, + `CACertificate:` + fmt.Sprintf("%v", this.CACertificate) + `,`, + `DestinationCACertificate:` + fmt.Sprintf("%v", this.DestinationCACertificate) + `,`, + `InsecureEdgeTerminationPolicy:` + fmt.Sprintf("%v", this.InsecureEdgeTerminationPolicy) + `,`, + `ExternalCertificate:` + strings.Replace(this.ExternalCertificate.String(), "LocalObjectReference", "LocalObjectReference", 1) + `,`, + `}`, + }, "") + return s +} +func valueToStringGenerated(v interface{}) string { + rv := reflect.ValueOf(v) + if rv.IsNil() { + return "nil" + } + pv := reflect.Indirect(rv).Interface() + return fmt.Sprintf("*%v", pv) +} +func (m *LocalObjectReference) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire 
|= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: LocalObjectReference: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: LocalObjectReference: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Route) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Route: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Route: illegal 
tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := 
m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RouteHTTPHeader) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RouteHTTPHeader: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RouteHTTPHeader: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 
{ + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Action.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF } - pv := reflect.Indirect(rv).Interface() - return fmt.Sprintf("*%v", pv) + return nil } -func (m *LocalObjectReference) Unmarshal(dAtA []byte) error { +func (m *RouteHTTPHeaderActionUnion) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -1379,15 +2223,15 @@ func (m *LocalObjectReference) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: LocalObjectReference: wiretype end group for non-group") + return fmt.Errorf("proto: RouteHTTPHeaderActionUnion: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: LocalObjectReference: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RouteHTTPHeaderActionUnion: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { 
@@ -1415,7 +2259,43 @@ func (m *LocalObjectReference) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.Type = RouteHTTPHeaderActionType(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Set", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Set == nil { + m.Set = &RouteSetHTTPHeader{} + } + if err := m.Set.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -1438,7 +2318,7 @@ func (m *LocalObjectReference) Unmarshal(dAtA []byte) error { } return nil } -func (m *Route) Unmarshal(dAtA []byte) error { +func (m *RouteHTTPHeaderActions) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { 
@@ -1461,15 +2341,15 @@ func (m *Route) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Route: wiretype end group for non-group") + return fmt.Errorf("proto: RouteHTTPHeaderActions: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Route: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: RouteHTTPHeaderActions: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Response", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -1496,13 +2376,14 @@ func (m *Route) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Response = append(m.Response, RouteHTTPHeader{}) + if err := m.Response[len(m.Response)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Request", wireType) } var msglen int for shift := uint(0); ; shift += 7 { 
@@ -1529,13 +2410,64 @@ func (m *Route) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + m.Request = append(m.Request, RouteHTTPHeader{}) + if err := m.Request[len(m.Request)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 3: + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RouteHTTPHeaders) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RouteHTTPHeaders: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RouteHTTPHeaders: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Actions", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -1562,7 +2494,7 @@ func (m *Route) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.Actions.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex 
@@ -2213,6 +3145,88 @@ func (m *RoutePort) Unmarshal(dAtA []byte) error { } return nil } +func (m *RouteSetHTTPHeader) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RouteSetHTTPHeader: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RouteSetHTTPHeader: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Value = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *RouteSpec) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 
@@ -2509,6 +3523,42 @@ func (m *RouteSpec) Unmarshal(dAtA []byte) error { } m.Subdomain = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field HTTPHeaders", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.HTTPHeaders == nil { + m.HTTPHeaders = &RouteHTTPHeaders{} + } + if err := m.HTTPHeaders.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/vendor/github.com/openshift/api/route/v1/generated.proto b/vendor/github.com/openshift/api/route/v1/generated.proto index 93d78bf19e..d31fa5222e 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.proto +++ b/vendor/github.com/openshift/api/route/v1/generated.proto @@ -57,6 +57,7 @@ message Route { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // spec is the desired state of the route + // +kubebuilder:validation:XValidation:rule="!has(self.tls) || self.tls.termination != 'passthrough' || !has(self.httpHeaders)",message="header actions are not permitted when tls termination is passthrough." optional RouteSpec spec = 2; // status is the current state of the route 
@@ -64,6 +65,131 @@ message Route { optional RouteStatus status = 3; } +// RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. +message RouteHTTPHeader { + // name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + // name as defined in RFC 2616 section 4.2. + // The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + // It must be no more than 255 characters in length. + // Header name must be unique. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'strict-transport-security'",message="strict-transport-security header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'proxy'",message="proxy header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'cookie'",message="cookie header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'set-cookie'",message="set-cookie header may not be modified via header actions" + optional string name = 1; + + // action specifies actions to perform on headers, such as setting or deleting headers. + // +kubebuilder:validation:Required + optional RouteHTTPHeaderActionUnion action = 2; +} + +// RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Set' ? 
has(self.set) : !has(self.set)",message="set is required when type is Set, and forbidden otherwise" +// +union +message RouteHTTPHeaderActionUnion { + // type defines the type of the action to be applied on the header. + // Possible values are Set or Delete. + // Set allows you to set HTTP request and response headers. + // Delete allows you to delete HTTP request and response headers. + // +unionDiscriminator + // +kubebuilder:validation:Enum:=Set;Delete + // +kubebuilder:validation:Required + optional string type = 1; + + // set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. + // This field is required when type is Set and forbidden otherwise. + // +optional + // +unionMember + optional RouteSetHTTPHeader set = 2; +} + +// RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers. +message RouteHTTPHeaderActions { + // response is a list of HTTP response headers to modify. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions defined here will modify the response headers of all requests made through a route. + // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + // Route actions will be executed before IngressController actions for response headers. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 response header actions may be configured. + // You can use this field to specify HTTP response headers that should be set or deleted + // when forwarding responses from your application to the client. + // Sample fetchers allowed are "res.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // Note: This field cannot be used if your route uses TLS passthrough. 
+ // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + repeated RouteHTTPHeader response = 1; + + // request is a list of HTTP request headers to modify. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions defined here will modify the request headers of all requests made through a route. + // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Route actions will be executed after IngressController actions for request headers. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 request header actions may be configured. + // You can use this field to specify HTTP request headers that should be set or deleted + // when forwarding connections from the client to your application. 
+ // Sample fetchers allowed are "req.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // Any request header configuration applied directly via a Route resource using this API + // will override header configuration for a header of the same name applied via + // spec.httpHeaders.actions on the IngressController or route annotation. + // Note: This field cannot be used if your route uses TLS passthrough. + // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + repeated RouteHTTPHeader request = 2; +} + +// RouteHTTPHeaders defines policy for HTTP headers. +message RouteHTTPHeaders { + // actions specifies options for modifying headers and their values. 
+ // Note that this option only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). Headers cannot be modified for TLS passthrough + // connections. + // Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. + // `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" + // route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + // In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + // the actions specified in the IngressController's spec.httpHeaders.actions field. + // In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + // executed after the actions specified in the Route's spec.httpHeaders.actions field. + // The headers set via this API will not appear in access logs. + // Any actions defined here are applied after any actions related to the following other fields: + // cache-control, spec.clientTLS, + // spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + // and spec.httpHeaders.headerNameCaseAdjustments. + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. Please refer to the documentation + // for that API field for more details. + // +optional + optional RouteHTTPHeaderActions actions = 1; +} + // RouteIngress holds information about the places where a route is exposed. 
message RouteIngress { // Host is the host string under which the route is exposed; this value is required @@ -126,6 +252,25 @@ message RoutePort { optional k8s.io.apimachinery.pkg.util.intstr.IntOrString targetPort = 1; } +// RouteSetHTTPHeader specifies what value needs to be set on an HTTP header. +message RouteSetHTTPHeader { + // value specifies a header value. + // Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + // http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + // otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + // The value of this field must be no more than 16384 characters in length. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. + // + --- + // + Note: This limit was selected as most common web servers have a limit of 16384 characters or some lower limit. + // + See . + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=16384 + optional string value = 1; +} + // RouteSpec describes the hostname or path the route exposes, any security information, // and one to four backends (services) the route points to. Requests are distributed // among the backends depending on the weights assigned to each backend. When using @@ -202,6 +347,11 @@ message RouteSpec { // +kubebuilder:validation:Enum=None;Subdomain;"" // +kubebuilder:default=None optional string wildcardPolicy = 7; + + // httpHeaders defines policy for HTTP headers. + // + // +optional + optional RouteHTTPHeaders httpHeaders = 9; } // RouteStatus provides relevant info about the status of a route, including which routers 
@@ -262,6 +412,7 @@ message TLSConfig { // * passthrough - Traffic is sent straight to the destination without the router providing TLS termination // * reencrypt - TLS termination is done by the router and https is used to communicate with the backend // + // Note: passthrough termination is incompatible with httpHeader actions // +kubebuilder:validation:Enum=edge;reencrypt;passthrough optional string termination = 1; diff --git a/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml index 360d60053b..13461f6669 100644 --- a/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml 
@@ -82,6 +82,130 @@ spec: type: string maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + httpHeaders: + description: httpHeaders defines policy for HTTP headers. + type: object + properties: + actions: + description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. 
Please refer to the documentation for that API field for more details.' + type: object + properties: + request: + description: 'request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.' + type: array + maxItems: 20 + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + type: object + required: + - action + - name + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + type: object + required: + - type + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' 
+ type: object + required: + - value + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + type: string + maxLength: 16384 + minLength: 1 + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + type: string + enum: + - Set + - Delete + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + message: set is required when type is Set, and forbidden otherwise + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' 
+ type: string + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + x-kubernetes-validations: + - rule: self.lowerAscii() != 'strict-transport-security' + message: strict-transport-security header may not be modified via header actions + - rule: self.lowerAscii() != 'proxy' + message: proxy header may not be modified via header actions + - rule: self.lowerAscii() != 'cookie' + message: cookie header may not be modified via header actions + - rule: self.lowerAscii() != 'set-cookie' + message: set-cookie header may not be modified via header actions + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64. + response: + description: 'response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. 
A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used if your route uses TLS passthrough.' + type: array + maxItems: 20 + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + type: object + required: + - action + - name + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + type: object + required: + - type + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' + type: object + required: + - value + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + type: string + maxLength: 16384 + minLength: 1 + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. 
+ type: string + enum: + - Set + - Delete + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + message: set is required when type is Set, and forbidden otherwise + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + type: string + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + x-kubernetes-validations: + - rule: self.lowerAscii() != 'strict-transport-security' + message: strict-transport-security header may not be modified via header actions + - rule: self.lowerAscii() != 'proxy' + message: proxy header may not be modified via header actions + - rule: self.lowerAscii() != 'cookie' + message: cookie header may not be modified via header actions + - rule: self.lowerAscii() != 'set-cookie' + message: set-cookie header may not be modified via header actions + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64. path: description: path that the router watches for, to route traffic for to the service. Optional type: string @@ -138,7 +262,7 @@ spec: description: key provides key file contents type: string termination: - description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend" + description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend \n Note: passthrough termination is incompatible with httpHeader actions" type: string enum: - edge @@ -182,6 +306,9 @@ spec: - None - Subdomain - "" + x-kubernetes-validations: + - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || !has(self.httpHeaders)' + message: header actions are not permitted when tls termination is passthrough. status: description: status is the current state of the route type: object diff --git a/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml index fd6678f44d..87b617cac1 100644 
--- a/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml 
@@ -82,6 +82,130 @@ spec: type: string maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + httpHeaders: + description: httpHeaders defines policy for HTTP headers. + type: object + properties: + actions: + description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. 
Please refer to the documentation for that API field for more details.' + type: object + properties: + request: + description: 'request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.' + type: array + maxItems: 20 + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + type: object + required: + - action + - name + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + type: object + required: + - type + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' 
+ type: object + required: + - value + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + type: string + maxLength: 16384 + minLength: 1 + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + type: string + enum: + - Set + - Delete + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + message: set is required when type is Set, and forbidden otherwise + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' 
+ type: string + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + x-kubernetes-validations: + - rule: self.lowerAscii() != 'strict-transport-security' + message: strict-transport-security header may not be modified via header actions + - rule: self.lowerAscii() != 'proxy' + message: proxy header may not be modified via header actions + - rule: self.lowerAscii() != 'cookie' + message: cookie header may not be modified via header actions + - rule: self.lowerAscii() != 'set-cookie' + message: set-cookie header may not be modified via header actions + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64. + response: + description: 'response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. 
A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used if your route uses TLS passthrough.' + type: array + maxItems: 20 + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + type: object + required: + - action + - name + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + type: object + required: + - type + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' + type: object + required: + - value + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + type: string + maxLength: 16384 + minLength: 1 + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. 
+ type: string + enum: + - Set + - Delete + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + message: set is required when type is Set, and forbidden otherwise + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + type: string + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + x-kubernetes-validations: + - rule: self.lowerAscii() != 'strict-transport-security' + message: strict-transport-security header may not be modified via header actions + - rule: self.lowerAscii() != 'proxy' + message: proxy header may not be modified via header actions + - rule: self.lowerAscii() != 'cookie' + message: cookie header may not be modified via header actions + - rule: self.lowerAscii() != 'set-cookie' + message: set-cookie header may not be modified via header actions + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64. path: description: path that the router watches for, to route traffic for to the service. Optional type: string @@ -138,7 +262,7 @@ spec: description: key provides key file contents type: string termination: - description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend" + description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend \n Note: passthrough termination is incompatible with httpHeader actions" type: string enum: - edge @@ -182,6 +306,9 @@ spec: - None - Subdomain - "" + x-kubernetes-validations: + - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || !has(self.httpHeaders)' + message: header actions are not permitted when tls termination is passthrough. status: description: status is the current state of the route type: object diff --git a/vendor/github.com/openshift/api/route/v1/route.crd.yaml b/vendor/github.com/openshift/api/route/v1/route.crd.yaml index d4a7dfcf83..cda46fc33f 100644 
--- a/vendor/github.com/openshift/api/route/v1/route.crd.yaml
+++ b/vendor/github.com/openshift/api/route/v1/route.crd.yaml
@@ -101,6 +101,130 @@ spec: maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ type: string + httpHeaders: + description: httpHeaders defines policy for HTTP headers. + properties: + actions: + description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. 
Please refer to the documentation for that API field for more details.' + properties: + request: + description: 'request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.' + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' + properties: + value: + description: value specifies a header value. Dynamic values can be added. 
The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' 
+ maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header actions + rule: self.lowerAscii() != 'proxy' + - message: cookie header may not be modified via header actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + response: + description: 'response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. 
Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used if your route uses TLS passthrough.' + items: + description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + properties: + set: + description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.' + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. 
+ enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header actions + rule: self.lowerAscii() != 'proxy' + - message: cookie header may not be modified via header actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. 
Converters allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + type: object + type: object path: description: path that the router watches for, to route traffic for to the service. Optional pattern: ^/ @@ -174,7 +298,7 @@ spec: description: key provides key file contents type: string termination: - description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend" + description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend \n Note: passthrough termination is incompatible with httpHeader actions" enum: - edge - reencrypt @@ -222,6 +346,9 @@ spec: required: - to type: object + x-kubernetes-validations: + - message: header actions are not permitted when tls termination is passthrough. + rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || !has(self.httpHeaders)' status: description: status is the current state of the route properties: diff --git a/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml b/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml index 0031afdb5b..d1e4766735 100644 --- a/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml 
+++ b/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml 
@@ -82,3 +82,594 @@ tests: termination: passthrough insecureEdgeTerminationPolicy: None wildcardPolicy: None + - name: Should be able to create a Route with valid actions + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-actions + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + expected: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-actions + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + weight: 100 + wildcardPolicy: None + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + 
set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + - name: "Should not allow response header actions if tls termination is set to passthrough" + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-passthrough + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: passthrough + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-XSS-Protection + action: + type: Delete + expectedError: "header actions are not permitted when tls termination is passthrough." + - name: "Should not allow request header actions if tls termination is set to passthrough" + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-passthrough + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: passthrough + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + expectedError: "header actions are not permitted when tls termination is passthrough." + - name: Should not allow to set/delete HSTS header. 
+ initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-hsts + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: Strict-Transport-Security + action: + type: Delete + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "strict-transport-security header may not be modified via header actions" + - name: Should not allow to set proxy request header. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + name: hello-openshift-edge-proxy + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: Proxy + action: + type: Set + set: + value: example.xyz + expectedError: "proxy header may not be modified via header actions" + - name: Should not allow to set cookie header. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + name: hello-openshift-edge-proxy + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: Cookie + action: + type: Set + set: + value: "PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1" + expectedError: "cookie header may not be modified via header actions" + - name: Should not allow to set set-cookie header. 
+ initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + name: hello-openshift-edge-proxy + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: Set-Cookie + action: + type: Set + set: + value: "sessionId=e8bb43229de9; Domain=foo.example.com" + expectedError: "set-cookie header may not be modified via header actions" + - name: Should not allow to set/delete dynamic headers with unclosed braces. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-unclosed-braces + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + - name: expires + action: + type: Set + set: + value: "%[req.hdr(host),lower" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic response header values with not allowed sample fetchers. 
+ initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Target + action: + type: Set + set: + value: "%{+Q}[ssl_c_der1,base64]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set/delete dynamic response header values with not allowed converters. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Target + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,bogus]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." 
+ - name: Should not allow to set/delete dynamic response header values containing req.hdr fetcher. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set/delete dynamic response header values containing req.hdr fetcher. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. 
Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set/delete dynamic request header values with not allowed converters. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,bogus]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values with not allowed sample fetchers. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der1122,base64]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow empty value in request + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: + expectedError: 'Route.route.openshift.io "hello-openshift-edge-not-allowed-values" is invalid: [spec.httpHeaders.actions.request[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should not allow empty value in response + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-edge-not-allowed-values + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: + expectedError: 'Route.route.openshift.io "hello-openshift-edge-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should be required to specify the set field when the discriminant type is 
Set. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-actions + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + expectedError: "set is required when type is Set, and forbidden otherwise" + - name: Should be required to specify the set field when the discriminant type is Set. + initial: | + apiVersion: route.openshift.io/v1 + kind: Route + metadata: + labels: + type: sharded + name: hello-openshift-actions + namespace: hello-openshift + spec: + subdomain: hello-openshift + tls: + termination: edge + to: + kind: Service + name: hello-openshift + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + set: + value: DENY + expectedError: 'Route.route.openshift.io "hello-openshift-actions" is invalid: [spec.httpHeaders.actions.response[0].action.type: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go index fb356bdd65..2de728bc00 100644 --- a/vendor/github.com/openshift/api/route/v1/types.go +++ b/vendor/github.com/openshift/api/route/v1/types.go @@ -47,6 +47,7 @@ type Route struct { metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // spec is the desired state of the route + // +kubebuilder:validation:XValidation:rule="!has(self.tls) || self.tls.termination != 'passthrough' || !has(self.httpHeaders)",message="header actions are not permitted when tls termination is passthrough." Spec RouteSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"` // status is the current state of the route // +optional 
@@ -145,8 +146,166 @@ type RouteSpec struct { // +kubebuilder:validation:Enum=None;Subdomain;"" // +kubebuilder:default=None WildcardPolicy WildcardPolicyType `json:"wildcardPolicy,omitempty" protobuf:"bytes,7,opt,name=wildcardPolicy"` + + // httpHeaders defines policy for HTTP headers. + // + // +optional + HTTPHeaders *RouteHTTPHeaders `json:"httpHeaders,omitempty" protobuf:"bytes,9,opt,name=httpHeaders"` +} + +// RouteHTTPHeaders defines policy for HTTP headers. +type RouteHTTPHeaders struct { + // actions specifies options for modifying headers and their values. + // Note that this option only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). Headers cannot be modified for TLS passthrough + // connections. + // Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. + // `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" + // route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + // In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + // the actions specified in the IngressController's spec.httpHeaders.actions field. + // In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + // executed after the actions specified in the Route's spec.httpHeaders.actions field. + // The headers set via this API will not appear in access logs. + // Any actions defined here are applied after any actions related to the following other fields: + // cache-control, spec.clientTLS, + // spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + // and spec.httpHeaders.headerNameCaseAdjustments. 
+ // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. Please refer to the documentation + // for that API field for more details. + // +optional + Actions RouteHTTPHeaderActions `json:"actions,omitempty" protobuf:"bytes,1,opt,name=actions"` } +// RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers. +type RouteHTTPHeaderActions struct { + // response is a list of HTTP response headers to modify. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions defined here will modify the response headers of all requests made through a route. + // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + // Route actions will be executed before IngressController actions for response headers. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 response header actions may be configured. + // You can use this field to specify HTTP response headers that should be set or deleted + // when forwarding responses from your application to the client. + // Sample fetchers allowed are "res.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // Note: This field cannot be used if your route uses TLS passthrough. + // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. 
+ // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + Response []RouteHTTPHeader `json:"response" protobuf:"bytes,1,rep,name=response"` + // request is a list of HTTP request headers to modify. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions defined here will modify the request headers of all requests made through a route. + // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Route actions will be executed after IngressController actions for request headers. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 request header actions may be configured. + // You can use this field to specify HTTP request headers that should be set or deleted + // when forwarding connections from the client to your application. + // Sample fetchers allowed are "req.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". 
+ // Any request header configuration applied directly via a Route resource using this API + // will override header configuration for a header of the same name applied via + // spec.httpHeaders.actions on the IngressController or route annotation. + // Note: This field cannot be used if your route uses TLS passthrough. + // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + Request []RouteHTTPHeader `json:"request" protobuf:"bytes,2,rep,name=request"` +} + +// RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. +type RouteHTTPHeader struct { + // name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + // name as defined in RFC 2616 section 4.2. + // The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". 
+ // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + // It must be no more than 255 characters in length. + // Header name must be unique. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'strict-transport-security'",message="strict-transport-security header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'proxy'",message="proxy header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'cookie'",message="cookie header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'set-cookie'",message="set-cookie header may not be modified via header actions" + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + + // action specifies actions to perform on headers, such as setting or deleting headers. + // +kubebuilder:validation:Required + Action RouteHTTPHeaderActionUnion `json:"action" protobuf:"bytes,2,opt,name=action"` +} + +// RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Set' ? has(self.set) : !has(self.set)",message="set is required when type is Set, and forbidden otherwise" +// +union +type RouteHTTPHeaderActionUnion struct { + // type defines the type of the action to be applied on the header. + // Possible values are Set or Delete. + // Set allows you to set HTTP request and response headers. + // Delete allows you to delete HTTP request and response headers. 
+ // +unionDiscriminator + // +kubebuilder:validation:Enum:=Set;Delete + // +kubebuilder:validation:Required + Type RouteHTTPHeaderActionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=RouteHTTPHeaderActionType"` + + // set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. + // This field is required when type is Set and forbidden otherwise. + // +optional + // +unionMember + Set *RouteSetHTTPHeader `json:"set,omitempty" protobuf:"bytes,2,opt,name=set"` +} + +// RouteSetHTTPHeader specifies what value needs to be set on an HTTP header. +type RouteSetHTTPHeader struct { + // value specifies a header value. + // Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + // http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + // otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + // The value of this field must be no more than 16384 characters in length. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. + // + --- + // + Note: This limit was selected as most common web servers have a limit of 16384 characters or some lower limit. + // + See . + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=16384 + Value string `json:"value" protobuf:"bytes,1,opt,name=value"` +} + +// RouteHTTPHeaderActionType defines actions that can be performed on HTTP headers. +type RouteHTTPHeaderActionType string + +const ( + // Set specifies that an HTTP header should be set. + Set RouteHTTPHeaderActionType = "Set" + // Delete specifies that an HTTP header should be deleted. 
+ Delete RouteHTTPHeaderActionType = "Delete" +) + // RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' // kind is allowed. Use 'weight' field to emphasize one over others. type RouteTargetReference struct { @@ -256,6 +415,7 @@ type TLSConfig struct { // * passthrough - Traffic is sent straight to the destination without the router providing TLS termination // * reencrypt - TLS termination is done by the router and https is used to communicate with the backend // + // Note: passthrough termination is incompatible with httpHeader actions // +kubebuilder:validation:Enum=edge;reencrypt;passthrough Termination TLSTerminationType `json:"termination" protobuf:"bytes,1,opt,name=termination,casttype=TLSTerminationType"` diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go index 113c2f0708..23a2edd423 100644 --- a/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go 
@@ -53,6 +53,91 @@ func (in *Route) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeader) DeepCopyInto(out *RouteHTTPHeader) { + *out = *in + in.Action.DeepCopyInto(&out.Action) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeader. +func (in *RouteHTTPHeader) DeepCopy() *RouteHTTPHeader { + if in == nil { + return nil + } + out := new(RouteHTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeaderActionUnion) DeepCopyInto(out *RouteHTTPHeaderActionUnion) { + *out = *in + if in.Set != nil { + in, out := &in.Set, &out.Set + *out = new(RouteSetHTTPHeader) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaderActionUnion. +func (in *RouteHTTPHeaderActionUnion) DeepCopy() *RouteHTTPHeaderActionUnion { + if in == nil { + return nil + } + out := new(RouteHTTPHeaderActionUnion) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeaderActions) DeepCopyInto(out *RouteHTTPHeaderActions) { + *out = *in + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = make([]RouteHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]RouteHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaderActions. 
+func (in *RouteHTTPHeaderActions) DeepCopy() *RouteHTTPHeaderActions { + if in == nil { + return nil + } + out := new(RouteHTTPHeaderActions) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeaders) DeepCopyInto(out *RouteHTTPHeaders) { + *out = *in + in.Actions.DeepCopyInto(&out.Actions) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaders. +func (in *RouteHTTPHeaders) DeepCopy() *RouteHTTPHeaders { + if in == nil { + return nil + } + out := new(RouteHTTPHeaders) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RouteIngress) DeepCopyInto(out *RouteIngress) { *out = *in @@ -146,6 +231,22 @@ func (in *RoutePort) DeepCopy() *RoutePort { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteSetHTTPHeader) DeepCopyInto(out *RouteSetHTTPHeader) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteSetHTTPHeader. +func (in *RouteSetHTTPHeader) DeepCopy() *RouteSetHTTPHeader { + if in == nil { + return nil + } + out := new(RouteSetHTTPHeader) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RouteSpec) DeepCopyInto(out *RouteSpec) { *out = *in @@ -167,6 +268,11 @@ func (in *RouteSpec) DeepCopyInto(out *RouteSpec) { *out = new(TLSConfig) (*in).DeepCopyInto(*out) } + if in.HTTPHeaders != nil { + in, out := &in.HTTPHeaders, &out.HTTPHeaders + *out = new(RouteHTTPHeaders) + (*in).DeepCopyInto(*out) + } return } 
diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go
index 621b5d69bc..8d49587177 100644
--- a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go
@@ -31,6 +31,45 @@ func (Route) SwaggerDoc() map[string]string { return map_Route } +var map_RouteHTTPHeader = map[string]string{ + "": "RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "name": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + "action": "action specifies actions to perform on headers, such as setting or deleting headers.", +} + +func (RouteHTTPHeader) SwaggerDoc() map[string]string { + return map_RouteHTTPHeader +} + +var map_RouteHTTPHeaderActionUnion = map[string]string{ + "": "RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + "type": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + "set": "set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. This field is required when type is Set and forbidden otherwise.", +} + +func (RouteHTTPHeaderActionUnion) SwaggerDoc() map[string]string { + return map_RouteHTTPHeaderActionUnion +} + +var map_RouteHTTPHeaderActions = map[string]string{ + "": "RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + "response": "response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. 
These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Note: This field cannot be used if your route uses TLS passthrough. ", + "request": "request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough. 
", +} + +func (RouteHTTPHeaderActions) SwaggerDoc() map[string]string { + return map_RouteHTTPHeaderActions +} + +var map_RouteHTTPHeaders = map[string]string{ + "": "RouteHTTPHeaders defines policy for HTTP headers.", + "actions": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. 
Please refer to the documentation for that API field for more details.", +} + +func (RouteHTTPHeaders) SwaggerDoc() map[string]string { + return map_RouteHTTPHeaders +} + var map_RouteIngress = map[string]string{ "": "RouteIngress holds information about the places where a route is exposed.", "host": "Host is the host string under which the route is exposed; this value is required", 
@@ -76,6 +115,15 @@ func (RoutePort) SwaggerDoc() map[string]string { return map_RoutePort } +var map_RouteSetHTTPHeader = map[string]string{ + "": "RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.", + "value": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. ", +} + +func (RouteSetHTTPHeader) SwaggerDoc() map[string]string { + return map_RouteSetHTTPHeader +} + var map_RouteSpec = map[string]string{ "": "RouteSpec describes the hostname or path the route exposes, any security information, and one to four backends (services) the route points to. Requests are distributed among the backends depending on the weights assigned to each backend. When using roundrobin scheduling the portion of requests that go to each backend is the backend weight divided by the sum of all of the backend weights. When the backend has more than one endpoint the requests that end up on the backend are roundrobin distributed among the endpoints. Weights are between 0 and 256 with default 100. Weight 0 causes no requests to the backend. If all weights are zero the route will be considered to have no backends and return a standard 503 response.\n\nThe `tls` field is optional and allows specific certificates or behavior for the route. 
Routers typically configure a default certificate on a wildcard domain to terminate routes without explicit certificates, but custom hostnames usually must choose passthrough (send traffic directly to the backend via the TLS Server-Name- Indication field) or provide a certificate.", "host": "host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.", @@ -86,6 +134,7 @@ var map_RouteSpec = map[string]string{ "port": "If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.", "tls": "The tls field provides the ability to configure certificates and termination for the route.", "wildcardPolicy": "Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.", + "httpHeaders": "httpHeaders defines policy for HTTP headers.", } func (RouteSpec) SwaggerDoc() map[string]string { 
@@ -124,7 +173,7 @@ func (RouterShard) SwaggerDoc() map[string]string { var map_TLSConfig = map[string]string{ "": "TLSConfig defines config used to secure a route and provide termination", - "termination": "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend", + "termination": "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend\n\nNote: passthrough termination is incompatible with httpHeader actions", "certificate": "certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.", "key": "key provides key file contents", "caCertificate": "caCertificate provides the cert authority certificate contents", diff --git a/vendor/github.com/openshift/api/samples/v1/0000_10_samplesconfig.crd.yaml b/vendor/github.com/openshift/api/samples/v1/00_samplesconfig.crd.yaml similarity index 100% rename from vendor/github.com/openshift/api/samples/v1/0000_10_samplesconfig.crd.yaml rename to vendor/github.com/openshift/api/samples/v1/00_samplesconfig.crd.yaml diff --git a/vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml b/vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml index 34026a86ae..dbb8e14a48 100644 --- a/vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml +++ b/vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml 
@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Stable] Config"
-crd: 0000_10_samplesconfig.crd.yaml
+crd: 00_samplesconfig.crd.yaml
 tests:
 onCreate:
 - name: Should be able to create a minimal Config
diff --git a/vendor/github.com/openshift/library-go/pkg/features/features.go b/vendor/github.com/openshift/library-go/pkg/features/features.go
index ccb4c0ce9a..3fb74abfbc 100644
--- a/vendor/github.com/openshift/library-go/pkg/features/features.go
+++ b/vendor/github.com/openshift/library-go/pkg/features/features.go
@@ -69,9 +69,9 @@ func setFeatureGates(featureGatesMap map[string]bool, featureGates featuregate.M
 // ideally we filter these at the operator level, but that isn't trivial to do and this is.
 // We don't allow users to set values, so hopefully we have e2e test that prevent invalid values.
 allowedFeatureGates := map[string]bool{}
- knownFeatures := sets.NewString(featureGates.KnownFeatures()...)
+ knownFeatures := featureGates.GetAll()
 for featureGateName, val := range featureGatesMap {
- if !knownFeatures.Has(featureGateName) {
+ if _, exists := knownFeatures[featuregate.Feature(featureGateName)]; !exists {
 warnings = append(warnings, fmt.Sprintf("Ignoring unknown FeatureGate %q", featureGateName))
 continue
 }
diff --git a/vendor/github.com/openshift/library-go/pkg/route/validation/validation.go b/vendor/github.com/openshift/library-go/pkg/route/validation/validation.go
index b42d8e0fc3..94f39d092a 100644
--- a/vendor/github.com/openshift/library-go/pkg/route/validation/validation.go
+++ b/vendor/github.com/openshift/library-go/pkg/route/validation/validation.go
@@ -6,6 +6,7 @@ import (
 "crypto/x509"
 "encoding/pem"
 "fmt"
+ "regexp"
 "strings"
 corev1 "k8s.io/api/core/v1"
@@ -19,7 +20,55 @@ import (
 routev1 "github.com/openshift/api/route/v1"
 )
-var validateRouteName = apimachineryvalidation.NameIsDNSSubdomain
+const (
+ // maxHeaderNameSize is the maximum allowed length of an HTTP header
+ // name.
+ maxHeaderNameSize = 255
+ // maxHeaderValueSize is the maximum allowed length of an HTTP header
+ // value.
+ maxHeaderValueSize = 16384
+ // maxResponseHeaderList is the maximum allowed number of HTTP response
+ // header actions.
+ maxResponseHeaderList = 20
+ // maxRequestHeaderList is the maximum allowed number of HTTP request
+ // header actions.
+ maxRequestHeaderList = 20
+ // permittedHeaderNameErrorMessage is the API validation message for an
+ // invalid HTTP header name.
+ permittedHeaderNameErrorMessage = "name must be a valid HTTP header name as defined in RFC 2616 section 4.2"
+ // permittedHeaderValueTemplate is used in the definitions of
+ // permittedRequestHeaderValueRE and permittedResponseHeaderValueRE.
+ // Any changes made to these regex patterns must be reflected in the
+ // corresponding regexps in
+ // https://github.com/openshift/api/blob/master/route/v1/types.go and
+ // https://github.com/openshift/api/blob/master/operator/v1/types_ingress.go
+ // for the Route.spec.httpHeaders.actions[*].response,
+ // Route.spec.httpHeaders.actions[*].request,
+ // IngressController.spec.httpHeaders.actions[*].response, and
+ // IngressController.spec.httpHeaders.actions[*].request fields for the
+ // benefit of client-side validation.
+ permittedHeaderValueTemplate = `^(?:%(?:%|(?:\{[-+]?[QXE](?:,[-+]?[QXE])*\})?\[(?:XYZ\.hdr\([0-9A-Za-z-]+\)|ssl_c_der)(?:,(?:lower|base64))*\])|[^%[:cntrl:]])+$`
+ // permittedRequestHeaderValueErrorMessage is the API validation message
+ // for an invalid HTTP request header value.
+ permittedRequestHeaderValueErrorMessage = "Either header value provided is not in correct format or the converter specified is not allowed. The dynamic header value may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2 Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64."
+ // permittedResponseHeaderValueErrorMessage is the API validation
+ // message for an invalid HTTP response header value.
+ permittedResponseHeaderValueErrorMessage = "Either header value provided is not in correct format or the converter specified is not allowed. The dynamic header value may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2 Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64."
+)
+
+var (
+ // validateRouteName is a ValidateNameFunc for validating a route name.
+ validateRouteName = apimachineryvalidation.NameIsDNSSubdomain
+ // permittedHeaderNameRE is a compiled regexp for validating an HTTP
+ // header name.
+ permittedHeaderNameRE = regexp.MustCompile("^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$")
+ // permittedRequestHeaderValueRE is a compiled regexp for validating an
+ // HTTP request header value.
+ permittedRequestHeaderValueRE = regexp.MustCompile(strings.Replace(permittedHeaderValueTemplate, "XYZ", "req", 1))
+ // permittedResponseHeaderValueRE is a compiled regexp for validating an
+ // HTTP response header value.
+ permittedResponseHeaderValueRE = regexp.MustCompile(strings.Replace(permittedHeaderValueTemplate, "XYZ", "res", 1))
+)
 func ValidateRoute(route *routev1.Route) field.ErrorList {
 return validateRoute(route, true)
@@ -90,6 +139,26 @@ func validateRoute(route *routev1.Route, checkHostname bool) field.ErrorList {
 result = append(result, err)
 }
+ if route.Spec.HTTPHeaders != nil {
+ if len(route.Spec.HTTPHeaders.Actions.Response) != 0 || len(route.Spec.HTTPHeaders.Actions.Request) != 0 {
+ if route.Spec.TLS != nil && route.Spec.TLS.Termination == routev1.TLSTerminationPassthrough {
+ result = append(result, field.Invalid(field.NewPath("spec", "tls", "termination"), route.Spec.TLS.Termination, "only edge and re-encrypt routes are supported for providing customized headers."))
+ }
+ }
+ actionsPath := field.NewPath("spec", "httpHeaders", "actions")
+ if len(route.Spec.HTTPHeaders.Actions.Response) > maxResponseHeaderList {
+ result = append(result, field.Invalid(actionsPath.Child("response"), route.Spec.HTTPHeaders.Actions.Response, fmt.Sprintf("response headers list can't exceed %d items", maxResponseHeaderList)))
+ } else {
+ result = append(result, validateHeaders(actionsPath.Child("response"), route.Spec.HTTPHeaders.Actions.Response, permittedResponseHeaderValueRE, permittedResponseHeaderValueErrorMessage)...)
+ }
+
+ if len(route.Spec.HTTPHeaders.Actions.Request) > maxRequestHeaderList {
+ result = append(result, field.Invalid(actionsPath.Child("request"), route.Spec.HTTPHeaders.Actions.Request, fmt.Sprintf("request headers list can't exceed %d items", maxRequestHeaderList)))
+ } else {
+ result = append(result, validateHeaders(actionsPath.Child("request"), route.Spec.HTTPHeaders.Actions.Request, permittedRequestHeaderValueRE, permittedRequestHeaderValueErrorMessage)...)
+ }
+ }
+
 if len(route.Spec.Path) > 0 && !strings.HasPrefix(route.Spec.Path, "/") {
 result = append(result, field.Invalid(specPath.Child("path"), route.Spec.Path, "path must begin with /"))
 }
@@ -342,6 +411,69 @@ func validateWildcardPolicy(host string, policy routev1.WildcardPolicyType, fldP
 return nil
 }
+var (
+ notAllowedHTTPHeaders = []string{"strict-transport-security", "proxy", "cookie", "set-cookie"}
+ notAllowedHTTPHeaderSet = sets.NewString(notAllowedHTTPHeaders...)
+ notAllowedHTTPHeadersMessage = fmt.Sprintf("the following headers may not be modified using this API: %v", strings.Join(notAllowedHTTPHeaders, ", "))
+)
+
+// validateHeaders verifies that the given slice of request or response headers
+// is valid using the given regexp.
+func validateHeaders(fldPath *field.Path, headers []routev1.RouteHTTPHeader, valueRegexpForHeaderValue *regexp.Regexp, valueErrorMessage string) field.ErrorList {
+ allErrs := field.ErrorList{}
+ headersMap := map[string]struct{}{}
+ for i, header := range headers {
+ idxPath := fldPath.Index(i)
+
+ // Each action must specify a unique header.
+ _, alreadyExists := headersMap[header.Name]
+ if alreadyExists {
+ err := field.Duplicate(idxPath.Child("name"), header.Name)
+ allErrs = append(allErrs, err)
+ }
+ headersMap[header.Name] = struct{}{}
+
+ switch nameLength := len(header.Name); {
+ case nameLength == 0:
+ err := field.Required(idxPath.Child("name"), "")
+ allErrs = append(allErrs, err)
+ case nameLength > maxHeaderNameSize:
+ err := field.Invalid(idxPath.Child("name"), header.Name, fmt.Sprintf("name exceeds the maximum length, which is %d", maxHeaderNameSize))
+ allErrs = append(allErrs, err)
+ case notAllowedHTTPHeaderSet.Has(strings.ToLower(header.Name)):
+ err := field.Forbidden(idxPath.Child("name"), notAllowedHTTPHeadersMessage)
+ allErrs = append(allErrs, err)
+ case !permittedHeaderNameRE.MatchString(header.Name):
+ err := field.Invalid(idxPath.Child("name"), header.Name, permittedHeaderNameErrorMessage)
+ allErrs = append(allErrs, err)
+ }
+
+ if header.Action.Type != routev1.Set && header.Action.Type != routev1.Delete {
+ err := field.Invalid(idxPath.Child("action", "type"), header.Action.Type, fmt.Sprintf("type must be %q or %q", routev1.Set, routev1.Delete))
+ allErrs = append(allErrs, err)
+ }
+
+ if header.Action.Type == routev1.Set && header.Action.Set == nil || header.Action.Type != routev1.Set && header.Action.Set != nil {
+ err := field.Required(idxPath.Child("action", "set"), "set is required when type is Set, and forbidden otherwise")
+ allErrs = append(allErrs, err)
+ }
+ if header.Action.Set != nil {
+ switch valueLength := len(header.Action.Set.Value); {
+ case valueLength == 0:
+ err := field.Required(idxPath.Child("action", "set", "value"), "")
+ allErrs = append(allErrs, err)
+ case valueLength > maxHeaderValueSize:
+ err := field.Invalid(idxPath.Child("action", "set", "value"), header.Action.Set.Value, fmt.Sprintf("value exceeds the maximum length, which is %d", maxHeaderValueSize))
+ allErrs = append(allErrs, err)
+ case !valueRegexpForHeaderValue.MatchString(header.Action.Set.Value):
+ err := field.Invalid(idxPath.Child("action", "set", "value"), header.Action.Set.Value, valueErrorMessage)
+ allErrs = append(allErrs, err)
+ }
+ }
+ }
+ return allErrs
+}
+
 // The special finalizer name validations were copied from k8s.io/kubernetes to eliminate that
 // dependency and preserve the existing behavior.
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
index 90bf487e35..62eb27afc1 100644
--- a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
@@ -231,7 +231,7 @@ func (c *fromUnstructuredContext) pushKey(key string) {
 }
-// FromUnstructuredWIthValidation converts an object from map[string]interface{} representation into a concrete type.
+// FromUnstructuredWithValidation converts an object from map[string]interface{} representation into a concrete type.
 // It uses encoding/json/Unmarshaler if object implements it or reflection if not.
 // It takes a validationDirective that indicates how to behave when it encounters unknown fields.
 func (c *unstructuredConverter) FromUnstructuredWithValidation(u map[string]interface{}, obj interface{}, returnUnknownFields bool) error {
@@ -465,7 +465,7 @@ func sliceFromUnstructured(sv, dv reflect.Value, ctx *fromUnstructuredContext) e
 }
 dv.SetBytes(data)
 } else {
- dv.Set(reflect.Zero(dt))
+ dv.Set(reflect.MakeSlice(dt, 0, 0))
 }
 return nil
 }
diff --git a/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go b/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
index 51864d70f9..0dd13c626c 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
@@ -27,9 +27,11 @@ import (
 // the provided timer until the provided context is cancelled, the condition returns
 // true, or the condition returns an error. If sliding is true, the period is computed
 // after condition runs. If it is false then period includes the runtime for condition.
-// If immediate is false the first delay happens before any call to condition. The
-// returned error is the error returned by the last condition or the context error if
-// the context was terminated.
+// If immediate is false the first delay happens before any call to condition, if
+// immediate is true the condition will be invoked before waiting and guarantees that
+// the condition is invoked at least once, regardless of whether the context has been
+// cancelled. The returned error is the error returned by the last condition or the
+// context error if the context was terminated.
 //
 // This is the common loop construct for all polling in the wait package.
 func loopConditionUntilContext(ctx context.Context, t Timer, immediate, sliding bool, condition ConditionWithContextFunc) error {
@@ -38,8 +40,17 @@ func loopConditionUntilContext(ctx context.Context, t Timer, immediate, sliding
 var timeCh <-chan time.Time
 doneCh := ctx.Done()
+ // if immediate is true the condition is
+ // guaranteed to be executed at least once,
 // if we haven't requested immediate execution, delay once
- if !immediate {
+ if immediate {
+ if ok, err := func() (bool, error) {
+ defer runtime.HandleCrash()
+ return condition(ctx)
+ }(); err != nil || ok {
+ return err
+ }
+ } else {
 timeCh = t.C()
 select {
 case <-doneCh:
diff --git a/vendor/k8s.io/client-go/util/cert/cert.go b/vendor/k8s.io/client-go/util/cert/cert.go
index 4be1dfe493..37b023ef25 100644
--- a/vendor/k8s.io/client-go/util/cert/cert.go
+++ b/vendor/k8s.io/client-go/util/cert/cert.go
@@ -25,6 +25,7 @@ import (
 "crypto/x509/pkix"
 "encoding/pem"
 "fmt"
+ "math"
 "math/big"
 "net"
 "os"
@@ -57,8 +58,14 @@ type AltNames struct {
 // NewSelfSignedCACert creates a CA certificate
 func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
 now := time.Now()
+ // returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+ serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+ if err != nil {
+ return nil, err
+ }
+ serial = new(big.Int).Add(serial, big.NewInt(1))
 tmpl := x509.Certificate{
- SerialNumber: new(big.Int).SetInt64(0),
+ SerialNumber: serial,
 Subject: pkix.Name{
 CommonName: cfg.CommonName,
 Organization: cfg.Organization,
@@ -116,9 +123,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
 if err != nil {
 return nil, nil, err
 }
-
+ // returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+ serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+ if err != nil {
+ return nil, nil, err
+ }
+ serial = new(big.Int).Add(serial, big.NewInt(1))
 caTemplate := x509.Certificate{
- SerialNumber: big.NewInt(1),
+ SerialNumber: serial,
 Subject: pkix.Name{
 CommonName: fmt.Sprintf("%s-ca@%d", host, time.Now().Unix()),
 },
@@ -144,9 +156,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
 if err != nil {
 return nil, nil, err
 }
-
+ // returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+ serial, err = cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+ if err != nil {
+ return nil, nil, err
+ }
+ serial = new(big.Int).Add(serial, big.NewInt(1))
 template := x509.Certificate{
- SerialNumber: big.NewInt(2),
+ SerialNumber: serial,
 Subject: pkix.Name{
 CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()),
 },
diff --git a/vendor/k8s.io/kubernetes/pkg/apis/core/validation/validation.go b/vendor/k8s.io/kubernetes/pkg/apis/core/validation/validation.go
index 465c92380a..d928f7c327 100644
--- a/vendor/k8s.io/kubernetes/pkg/apis/core/validation/validation.go
+++ b/vendor/k8s.io/kubernetes/pkg/apis/core/validation/validation.go
@@ -4727,7 +4727,14 @@ func ValidatePodUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) fiel
 // already effectively nil, no change needed
 case mungedPodSpec.Affinity == nil && oldNodeAffinity != nil:
 mungedPodSpec.Affinity = &core.Affinity{NodeAffinity: oldNodeAffinity} // +k8s:verify-mutation:reason=clone
+ case mungedPodSpec.Affinity != nil && oldPod.Spec.Affinity == nil &&
+ mungedPodSpec.Affinity.PodAntiAffinity == nil && mungedPodSpec.Affinity.PodAffinity == nil:
+ // We ensure no other fields are being changed, but the NodeAffinity. If that's the case, and the
+ // old pod's affinity is nil, we set the mungedPodSpec's affinity to nil.
+ mungedPodSpec.Affinity = nil // +k8s:verify-mutation:reason=clone
 default:
+ // The node affinity is being updated and the old pod Affinity is not nil.
+ // We set the mungedPodSpec's node affinity to the old pod's node affinity.
 mungedPodSpec.Affinity.NodeAffinity = oldNodeAffinity // +k8s:verify-mutation:reason=clone
 }
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt index c21b8e7f43..b5e6a9a68f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -373,7 +373,7 @@ github.com/opencontainers/runc/libcontainer/user # github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 ## explicit github.com/opencontainers/runtime-spec/specs-go -# github.com/openshift/api v0.0.0-20230718161610-2a3e8b481cec +# github.com/openshift/api v0.0.0-20230807132801-600991d550ac ## explicit; go 1.20 github.com/openshift/api github.com/openshift/api/annotations
@@ -604,7 +604,7 @@ github.com/openshift/client-go/user/informers/externalversions/internalinterface github.com/openshift/client-go/user/informers/externalversions/user github.com/openshift/client-go/user/informers/externalversions/user/v1 github.com/openshift/client-go/user/listers/user/v1 -# github.com/openshift/library-go v0.0.0-20230714173235-d8d3f3f8a9e4 +# github.com/openshift/library-go v0.0.0-20230808150704-ce4395c85e8c ## explicit; go 1.20 github.com/openshift/library-go/pkg/apiserver/admission/admissionregistrationtesting github.com/openshift/library-go/pkg/apiserver/admission/admissionrestconfig @@ -1085,7 +1085,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.27.2 => k8s.io/api v0.27.2 +# k8s.io/api v0.27.4 => k8s.io/api v0.27.4 ## explicit; go 1.20 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1142,7 +1142,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.27.2 => k8s.io/apiextensions-apiserver v0.27.2 +# k8s.io/apiextensions-apiserver v0.27.4 => k8s.io/apiextensions-apiserver v0.27.4 ## explicit; go 1.20 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1185,7 +1185,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v0.27.2 => k8s.io/apimachinery v0.27.2 +# k8s.io/apimachinery v0.27.4 => k8s.io/apimachinery v0.27.4 ## explicit; go 1.20 k8s.io/apimachinery/pkg/api/apitesting k8s.io/apimachinery/pkg/api/apitesting/fuzzer 
@@ -1252,7 +1252,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.27.2 => github.com/openshift/kubernetes-apiserver v0.0.0-20230525090225-51d24b204b3b +# k8s.io/apiserver v0.27.4 => github.com/openshift/kubernetes-apiserver v0.0.0-20230525090225-51d24b204b3b ## explicit; go 1.20 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -1413,12 +1413,12 @@ k8s.io/apiserver/plugin/pkg/audit/truncate k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/cli-runtime v0.27.2 => k8s.io/cli-runtime v0.27.2 +# k8s.io/cli-runtime v0.27.4 => k8s.io/cli-runtime v0.27.4 ## explicit; go 1.20 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.27.2 => k8s.io/client-go v0.27.2 +# k8s.io/client-go v0.27.4 => k8s.io/client-go v0.27.4 ## explicit; go 1.20 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -1746,7 +1746,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.27.2 => k8s.io/cloud-provider v0.27.2 +# k8s.io/cloud-provider v0.27.4 => k8s.io/cloud-provider v0.27.4 ## explicit; go 1.20 k8s.io/cloud-provider k8s.io/cloud-provider/app/config 
@@ -1758,7 +1758,7 @@ k8s.io/cloud-provider/controllers/node/config/v1alpha1 k8s.io/cloud-provider/controllers/service/config k8s.io/cloud-provider/controllers/service/config/v1alpha1 k8s.io/cloud-provider/options -# k8s.io/code-generator v0.27.2 => k8s.io/code-generator v0.27.2 +# k8s.io/code-generator v0.27.4 => k8s.io/code-generator v0.27.4 ## explicit; go 1.20 k8s.io/code-generator k8s.io/code-generator/cmd/applyconfiguration-gen @@ -1796,7 +1796,7 @@ k8s.io/code-generator/cmd/set-gen k8s.io/code-generator/pkg/namer k8s.io/code-generator/pkg/util k8s.io/code-generator/third_party/forked/golang/reflect -# k8s.io/component-base v0.27.2 => k8s.io/component-base v0.27.2 +# k8s.io/component-base v0.27.4 => k8s.io/component-base v0.27.4 ## explicit; go 1.20 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -1823,14 +1823,14 @@ k8s.io/component-base/metrics/testutil k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version -# k8s.io/component-helpers v0.27.2 => k8s.io/component-helpers v0.27.2 +# k8s.io/component-helpers v0.27.4 => k8s.io/component-helpers v0.27.4 ## explicit; go 1.20 k8s.io/component-helpers/auth/rbac/reconciliation k8s.io/component-helpers/auth/rbac/validation k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.27.2 => k8s.io/controller-manager v0.27.2 +# k8s.io/controller-manager v0.27.4 => k8s.io/controller-manager v0.27.4 ## explicit; go 1.20 k8s.io/controller-manager/config k8s.io/controller-manager/config/v1 
@@ -1862,13 +1862,13 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.27.2 => k8s.io/kms v0.27.2 +# k8s.io/kms v0.27.4 => k8s.io/kms v0.27.4 ## explicit; go 1.20 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2 k8s.io/kms/pkg/service k8s.io/kms/pkg/util -# k8s.io/kube-aggregator v0.27.2 => k8s.io/kube-aggregator v0.27.2 +# k8s.io/kube-aggregator v0.27.4 => k8s.io/kube-aggregator v0.27.4 ## explicit; go 1.20 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -1928,7 +1928,7 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kubectl v0.27.2 => k8s.io/kubectl v0.27.2 +# k8s.io/kubectl v0.27.4 => k8s.io/kubectl v0.27.4 ## explicit; go 1.20 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -1938,10 +1938,10 @@ k8s.io/kubectl/pkg/util/openapi k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.27.2 => k8s.io/kubelet v0.27.2 +# k8s.io/kubelet v0.27.4 => k8s.io/kubelet v0.27.4 ## explicit; go 1.20 k8s.io/kubelet/pkg/apis -# k8s.io/kubernetes v1.27.2 => k8s.io/kubernetes v1.27.2 +# k8s.io/kubernetes v1.27.4 => k8s.io/kubernetes v1.27.4 ## explicit; go 1.20 k8s.io/kubernetes/pkg/api/legacyscheme k8s.io/kubernetes/pkg/api/service 
@@ -2230,31 +2230,31 @@ sigs.k8s.io/structured-merge-diff/v4/value sigs.k8s.io/yaml # github.com/distribution/distribution/v3 => github.com/openshift/docker-distribution/v3 v3.0.0-20230613095533-f65dc997445a # github.com/docker/docker => github.com/openshift/moby-moby v0.0.0-20190308215630-da810a85109d -# k8s.io/api => k8s.io/api v0.27.2 -# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.2 -# k8s.io/apimachinery => k8s.io/apimachinery v0.27.2 +# k8s.io/api => k8s.io/api v0.27.4 +# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.4 +# k8s.io/apimachinery => k8s.io/apimachinery v0.27.4 # k8s.io/apiserver => github.com/openshift/kubernetes-apiserver v0.0.0-20230525090225-51d24b204b3b -# k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.2 -# k8s.io/client-go => k8s.io/client-go v0.27.2 -# k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.2 -# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.2 -# k8s.io/code-generator => k8s.io/code-generator v0.27.2 -# k8s.io/component-base => k8s.io/component-base v0.27.2 -# k8s.io/component-helpers => k8s.io/component-helpers v0.27.2 -# k8s.io/controller-manager => k8s.io/controller-manager v0.27.2 -# k8s.io/cri-api => k8s.io/cri-api v0.27.2 -# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.2 -# k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.2 -# k8s.io/kms => k8s.io/kms v0.27.2 -# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.2 -# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.2 -# k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.2 -# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.2 -# k8s.io/kubectl => k8s.io/kubectl v0.27.2 -# k8s.io/kubelet => k8s.io/kubelet v0.27.2 -# k8s.io/kubernetes => k8s.io/kubernetes v1.27.2 -# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.2 -# k8s.io/metrics => k8s.io/metrics v0.27.2 -# k8s.io/mount-utils => k8s.io/mount-utils v0.27.2 -# 
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.2 -# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.2 +# k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.4 +# k8s.io/client-go => k8s.io/client-go v0.27.4 +# k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.4 +# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.4 +# k8s.io/code-generator => k8s.io/code-generator v0.27.4 +# k8s.io/component-base => k8s.io/component-base v0.27.4 +# k8s.io/component-helpers => k8s.io/component-helpers v0.27.4 +# k8s.io/controller-manager => k8s.io/controller-manager v0.27.4 +# k8s.io/cri-api => k8s.io/cri-api v0.27.4 +# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.4 +# k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.4 +# k8s.io/kms => k8s.io/kms v0.27.4 +# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.4 +# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.4 +# k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.4 +# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.4 +# k8s.io/kubectl => k8s.io/kubectl v0.27.4 +# k8s.io/kubelet => k8s.io/kubelet v0.27.4 +# k8s.io/kubernetes => k8s.io/kubernetes v1.27.4 +# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.4 +# k8s.io/metrics => k8s.io/metrics v0.27.4 +# k8s.io/mount-utils => k8s.io/mount-utils v0.27.4 +# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.4 +# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.4 From c4a4643b6c0ff743f67cc7549d20fa973474c197 Mon Sep 17 00:00:00 2001 
From: Miheer Salunke Date: Sat, 1 Jul 2023 15:13:05 +1000 Subject: [PATCH 2/3] This commit adds route API changes to set/delete headers. This also has a unit test to test conversion from versioned to un-versioned API and vice-versa. JIRA ticket - https://issues.redhat.com/browse/NE-982 Enhancement Proposal - openshift/enhancements#1296 --- pkg/route/apis/route/types.go | 119 +++++++++++ pkg/route/apis/route/v1/conversion_test.go | 234 ++++++++++++++++++++- 2 files changed, 350 insertions(+), 3 deletions(-) diff --git a/pkg/route/apis/route/types.go b/pkg/route/apis/route/types.go index 61422bfb11..bbcf551b5c 100644 --- a/pkg/route/apis/route/types.go +++ b/pkg/route/apis/route/types.go 
@@ -61,8 +61,127 @@ type RouteSpec struct { // Wildcard policy if any for the route. // Currently only 'Subdomain' or 'None' is allowed. WildcardPolicy WildcardPolicyType + + // HTTPHeaders defines policy for HTTP headers. + HTTPHeaders *RouteHTTPHeaders +} + +// RouteHTTPHeaders defines policy for HTTP headers. +type RouteHTTPHeaders struct { + // Actions specifies options for modifying headers and their values. + // Note that this option only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). Headers cannot be modified for TLS passthrough + // connections. + // Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. + // `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" + // route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + // In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + // the actions specified in the IngressController's spec.httpHeaders.actions field. + // In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + // executed after the actions specified in the Route's spec.httpHeaders.actions field. + // The headers set via this API will not appear in access logs. + // Any actions defined here are applied after any actions related to the following other fields: + // cache-control, spec.clientTLS, + // spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + // and spec.httpHeaders.headerNameCaseAdjustments. + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Cookie, Set-Cookie. 
+ // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. Please refer to the documentation + // for that API field for more details. + Actions RouteHTTPHeaderActions +} + +// RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers. +type RouteHTTPHeaderActions struct { + // Response is a list of HTTP response headers to modify. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions defined here will modify the response headers of all requests made through a route. + // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + // Route actions will be executed before IngressController actions for response headers. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 response header actions may be configured. + // You can use this field to specify HTTP response headers that should be set or deleted + // when forwarding responses from your application to the client. + // Sample fetchers allowed are "res.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // Note: This field cannot be used if your route uses TLS passthrough. + Response []RouteHTTPHeader + // Request is a list of HTTP request headers to modify. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions defined here will modify the request headers of all requests made through a route. + // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Route actions will be executed after IngressController actions for request headers. 
+ // Actions are applied in sequence as defined in this list. + // A maximum of 20 request header actions may be configured. + // You can use this field to specify HTTP request headers that should be set or deleted + // when forwarding connections from the client to your application. + // Sample fetchers allowed are "req.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // Any request header configuration applied directly via a Route resource using this API + // will override header configuration for a header of the same name applied via + // spec.httpHeaders.actions on the IngressController or route annotation. + // Note: This field cannot be used if your route uses TLS passthrough. + Request []RouteHTTPHeader +} + +// RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. +type RouteHTTPHeader struct { + // Name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + // name as defined in RFC 2616 section 4.2. + // The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + // It must be no more than 255 characters in length. + // Header name must be unique. + Name string + + // Action specifies actions to perform on headers, such as setting or deleting headers. + Action RouteHTTPHeaderActionUnion } +// RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header. +type RouteHTTPHeaderActionUnion struct { + // Type defines the type of the action to be applied on the header. + // Possible values are Set or Delete. + // Set allows you to set HTTP request and response headers. + // Delete allows you to delete HTTP request and response headers. 
+ Type RouteHTTPHeaderActionType + + // Set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. + // This field is required when type is Set and forbidden otherwise. + Set *RouteSetHTTPHeader +} + +// RouteSetHTTPHeader specifies what value needs to be set on an HTTP header. +type RouteSetHTTPHeader struct { + // Value specifies a header value. + // Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + // http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + // otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + // The value of this field must be no more than 16384 characters in length. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. + Value string +} + +// RouteHTTPHeaderActionType defines actions that can be performed on HTTP headers. +type RouteHTTPHeaderActionType string + +const ( + // Set specifies that an HTTP header should be set. + Set RouteHTTPHeaderActionType = "Set" + // Delete specifies that an HTTP header should be deleted. + Delete RouteHTTPHeaderActionType = "Delete" +) + // RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' // kind is allowed. Use 'weight' field to emphasize one over others. type RouteTargetReference struct { diff --git a/pkg/route/apis/route/v1/conversion_test.go b/pkg/route/apis/route/v1/conversion_test.go index 65edd53bbe..42a23581f7 100644 --- a/pkg/route/apis/route/v1/conversion_test.go +++ b/pkg/route/apis/route/v1/conversion_test.go 
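Review bot: The limits described in these comments (reserved names Strict-Transport-Security, Proxy, Cookie and Set-Cookie; at most 20 actions per list; 255-character names; 16384-character values; `Set` required only when `Type` is `Set`; the allowed sample fetchers and converters) are not expressed by the new Go types, so nothing in this hunk rejects a route that breaks them. This patch's diffstat lists only types.go and conversion_test.go, so enforcement presumably lives in route validation elsewhere; that is worth confirming, because the comment on `Value` says it is interpreted as an HAProxy format string and it is supplied by whoever can edit the Route. I would add a pointer on `RouteHTTPHeaders`, for example `// These constraints are enforced by route validation, not by this type; keep both in sync.` The `Request` comment also contains the sentence about actions being either `Set` or `Delete` twice; once is enough. The enclosing `RouteSpec` struct starts outside the hunk.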
@@ -3,14 +3,24 @@ package v1 import ( "testing" + apiequality "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/intstr" "github.com/davecgh/go-spew/spew" + "github.com/google/go-cmp/cmp" v1 "github.com/openshift/api/route/v1" "github.com/openshift/openshift-apiserver/pkg/api/apihelpers/apitesting" "github.com/openshift/openshift-apiserver/pkg/route/apis/route" ) +var scheme = runtime.NewScheme() +var convert = scheme.Convert + +func init() { + Install(scheme) +} + func TestFieldSelectorConversions(t *testing.T) { apitesting.FieldKeyCheck{ SchemeBuilder: []func(*runtime.Scheme) error{Install}, @@ -22,9 +32,6 @@ func TestFieldSelectorConversions(t *testing.T) { } func TestSupportingCamelConstants(t *testing.T) { - scheme := runtime.NewScheme() - Install(scheme) - for k, v := range map[v1.TLSTerminationType]v1.TLSTerminationType{ "Reencrypt": v1.TLSTerminationReencrypt, "Edge": v1.TLSTerminationEdge, 
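Review bot: The new `init()` drops the error returned by `Install(scheme)`; the `SchemeBuilder: []func(*runtime.Scheme) error{Install}` line in the same file shows that it returns one. If registration ever fails, every conversion in the new test fails later with a less direct message. I would write the body as `if err := Install(scheme); err != nil { panic(err) }`. The two package-level declarations `var scheme` and `var convert` could also be grouped in a single `var ( ... )` block.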
@@ -41,3 +48,224 @@ func TestSupportingCamelConstants(t *testing.T) { } } } + +func setOrDeleteHeadersForVersioned(headers *v1.RouteHTTPHeaders) *v1.RouteSpec { + serviceName := "TestService" + serviceWeight := int32(0) + versionedRouteSpec := &v1.RouteSpec{ + Host: "host", + Path: "path", + Port: &v1.RoutePort{ + TargetPort: intstr.FromInt(8080), + }, + To: v1.RouteTargetReference{ + Name: serviceName, + Weight: &serviceWeight, + }, + TLS: &v1.TLSConfig{ + Termination: v1.TLSTerminationEdge, + Certificate: "abc", + Key: "def", + CACertificate: "ghi", + DestinationCACertificate: "jkl", + }, + } + + versionedRouteSpec.HTTPHeaders = headers + + return versionedRouteSpec +} + +func setOrDeleteHeadersForUnversioned(headers *route.RouteHTTPHeaders) *route.RouteSpec { + serviceName := "TestService" + serviceWeight := int32(0) + unversionedRouteSpec := &route.RouteSpec{ + Host: "host", + Path: "path", + Port: &route.RoutePort{ + TargetPort: intstr.FromInt(8080), + }, + To: route.RouteTargetReference{ + Name: serviceName, + Weight: &serviceWeight, + }, + TLS: &route.TLSConfig{ + Termination: route.TLSTerminationEdge, + Certificate: "abc", + Key: "def", + CACertificate: "ghi", + DestinationCACertificate: "jkl", + }, + } + + unversionedRouteSpec.HTTPHeaders = headers + + return unversionedRouteSpec +} + +func TestV1RouteSpecConversion(t *testing.T) { + headerNameXFrame := "X-Frame-Options" + headerNameAccept := "Accept" + + versionedRouteSpecResponseSetHeader := &v1.RouteHTTPHeaders{ + Actions: v1.RouteHTTPHeaderActions{ + Response: []v1.RouteHTTPHeader{ + { + Name: headerNameXFrame, + Action: v1.RouteHTTPHeaderActionUnion{ + Type: v1.Set, + Set: &v1.RouteSetHTTPHeader{ + Value: "DENY", + }, + }, + }, + }, + }, + } + + versionedRouteSpecResponseDeleteHeader := &v1.RouteHTTPHeaders{ + Actions: v1.RouteHTTPHeaderActions{ + Response: []v1.RouteHTTPHeader{ + { + Name: headerNameXFrame, + Action: v1.RouteHTTPHeaderActionUnion{ + Type: v1.Delete, + }, + }, + }, + }, + } + + 
unversionedRouteSpecResponseSetHeader := &route.RouteHTTPHeaders{ + Actions: route.RouteHTTPHeaderActions{ + Response: []route.RouteHTTPHeader{ + { + Name: headerNameXFrame, + Action: route.RouteHTTPHeaderActionUnion{ + Type: route.Set, + Set: &route.RouteSetHTTPHeader{ + Value: "DENY", + }, + }, + }, + }, + }, + } + + unversionedRouteSpecResponseDeleteHeader := &route.RouteHTTPHeaders{ + Actions: route.RouteHTTPHeaderActions{ + Response: []route.RouteHTTPHeader{ + { + Name: headerNameXFrame, + Action: route.RouteHTTPHeaderActionUnion{ + Type: route.Delete, + }, + }, + }, + }, + } + + versionedRouteSpecRequestSetHeader := &v1.RouteHTTPHeaders{ + Actions: v1.RouteHTTPHeaderActions{ + Request: []v1.RouteHTTPHeader{ + { + Name: headerNameAccept, + Action: v1.RouteHTTPHeaderActionUnion{ + Type: v1.Set, + Set: &v1.RouteSetHTTPHeader{ + Value: "text/plain,text/html", + }, + }, + }, + }, + }, + } + + unversionedRouteSpecRequestSetHeader := &route.RouteHTTPHeaders{ + Actions: route.RouteHTTPHeaderActions{ + Request: []route.RouteHTTPHeader{ + { + Name: headerNameAccept, + Action: route.RouteHTTPHeaderActionUnion{ + Type: route.Set, + Set: &route.RouteSetHTTPHeader{ + Value: "text/plain,text/html", + }, + }, + }, + }, + }, + } + + versionedRouteSpecRequestDeleteHeader := &v1.RouteHTTPHeaders{ + Actions: v1.RouteHTTPHeaderActions{ + Request: []v1.RouteHTTPHeader{ + { + Name: headerNameAccept, + Action: v1.RouteHTTPHeaderActionUnion{ + Type: v1.Delete, + }, + }, + }, + }, + } + + unversionedRouteSpecRequestDeleteHeader := &route.RouteHTTPHeaders{ + Actions: route.RouteHTTPHeaderActions{ + Request: []route.RouteHTTPHeader{ + { + Name: headerNameAccept, + Action: route.RouteHTTPHeaderActionUnion{ + Type: route.Delete, + }, + }, + }, + }, + } + + testcases := map[string]struct { + versionedRouteSpec1 *v1.RouteSpec + internalRouteSpec2 *route.RouteSpec + }{ + "RouteSpec Conversion 1 when header is a HTTP response and action is Set": { + versionedRouteSpec1: 
setOrDeleteHeadersForVersioned(versionedRouteSpecResponseSetHeader), + internalRouteSpec2: setOrDeleteHeadersForUnversioned(unversionedRouteSpecResponseSetHeader), + }, + "RouteSpec Conversion 2 when header is a HTTP request and action is Set": { + versionedRouteSpec1: setOrDeleteHeadersForVersioned(versionedRouteSpecRequestSetHeader), + internalRouteSpec2: setOrDeleteHeadersForUnversioned(unversionedRouteSpecRequestSetHeader), + }, + "RouteSpec Conversion 3 when header is a HTTP response and action is Delete": { + versionedRouteSpec1: setOrDeleteHeadersForVersioned(versionedRouteSpecResponseDeleteHeader), + internalRouteSpec2: setOrDeleteHeadersForUnversioned(unversionedRouteSpecResponseDeleteHeader), + }, + "RouteSpec Conversion 4 when header is a HTTP request and action is Delete": { + versionedRouteSpec1: setOrDeleteHeadersForVersioned(versionedRouteSpecRequestDeleteHeader), + internalRouteSpec2: setOrDeleteHeadersForUnversioned(unversionedRouteSpecRequestDeleteHeader), + }, + "RouteSpec Conversion 1 when header is a HTTP response is nil": { + versionedRouteSpec1: setOrDeleteHeadersForVersioned(nil), + internalRouteSpec2: setOrDeleteHeadersForUnversioned(nil), + }, + } + + for k, tc := range testcases { + // un-versioned -> versioned + internal1 := &v1.RouteSpec{} + if err := convert(tc.internalRouteSpec2, internal1, nil); err != nil { + t.Errorf("%q - %q: unexpected error: %v", k, "from route to routev1", err) + } + if !apiequality.Semantic.DeepEqual(internal1, tc.versionedRouteSpec1) { + t.Errorf("%q - %q: diff: %v", k, "from route to routev1", cmp.Diff(tc.versionedRouteSpec1, internal1)) + } + + // versioned -> un-versioned + internal2 := &route.RouteSpec{} + if err := convert(tc.versionedRouteSpec1, internal2, nil); err != nil { + t.Errorf("%q - %q: unexpected error: %v", k, "from routev1 to route", err) + } + if !apiequality.Semantic.DeepEqual(internal2, tc.internalRouteSpec2) { + t.Errorf("%q- %q: diff: %v", k, "from routev1 to route", 
cmp.Diff(tc.internalRouteSpec2, internal2)) + } + } +} From 02dfedfd7d9a6f725ea294c527acd3f0d759b0fd Mon Sep 17 00:00:00 2001 From: Miheer Salunke Date: Wed, 12 Jul 2023 23:42:36 +1000 Subject: [PATCH 3/3] Generated files after adding API for set/delete http header in RouteSpec followed by running `make update` followed by make verify. --- pkg/openapi/zz_generated.openapi.go | 478 +++++++++++++++++- .../apis/route/v1/zz_generated.conversion.go | 166 ++++++ pkg/route/apis/route/zz_generated.deepcopy.go | 106 ++++ 3 files changed, 746 insertions(+), 4 deletions(-) diff --git a/pkg/openapi/zz_generated.openapi.go b/pkg/openapi/zz_generated.openapi.go index 5d26dbae42..1321af407d 100644 --- a/pkg/openapi/zz_generated.openapi.go +++ b/pkg/openapi/zz_generated.openapi.go @@ -239,6 +239,8 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1.FeatureGateStatus": schema_openshift_api_config_v1_FeatureGateStatus(ref), "github.com/openshift/api/config/v1.GCPPlatformSpec": schema_openshift_api_config_v1_GCPPlatformSpec(ref), "github.com/openshift/api/config/v1.GCPPlatformStatus": schema_openshift_api_config_v1_GCPPlatformStatus(ref), + "github.com/openshift/api/config/v1.GCPResourceLabel": schema_openshift_api_config_v1_GCPResourceLabel(ref), + "github.com/openshift/api/config/v1.GCPResourceTag": schema_openshift_api_config_v1_GCPResourceTag(ref), "github.com/openshift/api/config/v1.GenericAPIServerConfig": schema_openshift_api_config_v1_GenericAPIServerConfig(ref), "github.com/openshift/api/config/v1.GenericControllerConfig": schema_openshift_api_config_v1_GenericControllerConfig(ref), "github.com/openshift/api/config/v1.GitHubIdentityProvider": schema_openshift_api_config_v1_GitHubIdentityProvider(ref), 
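Review bot: The loop at the end of TestV1RouteSpecConversion reports a failed conversion with `t.Errorf` and then still compares the partly filled output, so one failure produces two messages, and the case key is formatted into each message by hand instead of being a subtest name. Running each case under `t.Run` with `t.Fatalf` on the conversion error addresses both; the locals `internal1` and `internal2` would also read better named after what they hold, since `internal1` is the versioned result. The last case key, "RouteSpec Conversion 1 when header is a HTTP response is nil", reuses the number 1 and describes a nil `HTTPHeaders` pointer rather than a response header. No case sets Request and Response actions on the same spec, which would be a cheap addition.

```go
// … unchanged: header fixtures and the testcases map …
	for name, tc := range testcases {
		t.Run(name, func(t *testing.T) {
			// un-versioned -> versioned
			gotVersioned := &v1.RouteSpec{}
			if err := convert(tc.internalRouteSpec2, gotVersioned, nil); err != nil {
				t.Fatalf("from route to routev1: unexpected error: %v", err)
			}
			if !apiequality.Semantic.DeepEqual(gotVersioned, tc.versionedRouteSpec1) {
				t.Errorf("from route to routev1: diff: %v", cmp.Diff(tc.versionedRouteSpec1, gotVersioned))
			}

			// versioned -> un-versioned
			gotInternal := &route.RouteSpec{}
			if err := convert(tc.versionedRouteSpec1, gotInternal, nil); err != nil {
				t.Fatalf("from routev1 to route: unexpected error: %v", err)
			}
			if !apiequality.Semantic.DeepEqual(gotInternal, tc.internalRouteSpec2) {
				t.Errorf("from routev1 to route: diff: %v", cmp.Diff(tc.internalRouteSpec2, gotInternal))
			}
		})
	}
```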
@@ -835,10 +837,14 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPCookieUnion": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPCookieUnion(ref), "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPHeader": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPHeader(ref), "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPHeaders": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPHeaders(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeader": schema_openshift_api_operator_v1_IngressControllerHTTPHeader(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActionUnion": schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActionUnion(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActions": schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActions(ref), "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaders": schema_openshift_api_operator_v1_IngressControllerHTTPHeaders(ref), "github.com/openshift/api/operator/v1.IngressControllerHTTPUniqueIdHeaderPolicy": schema_openshift_api_operator_v1_IngressControllerHTTPUniqueIdHeaderPolicy(ref), "github.com/openshift/api/operator/v1.IngressControllerList": schema_openshift_api_operator_v1_IngressControllerList(ref), "github.com/openshift/api/operator/v1.IngressControllerLogging": schema_openshift_api_operator_v1_IngressControllerLogging(ref), + "github.com/openshift/api/operator/v1.IngressControllerSetHTTPHeader": schema_openshift_api_operator_v1_IngressControllerSetHTTPHeader(ref), "github.com/openshift/api/operator/v1.IngressControllerSpec": schema_openshift_api_operator_v1_IngressControllerSpec(ref), "github.com/openshift/api/operator/v1.IngressControllerStatus": schema_openshift_api_operator_v1_IngressControllerStatus(ref), 
"github.com/openshift/api/operator/v1.IngressControllerTuningOptions": schema_openshift_api_operator_v1_IngressControllerTuningOptions(ref), @@ -1005,10 +1011,15 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/quota/v1.ResourceQuotaStatusByNamespace": schema_openshift_api_quota_v1_ResourceQuotaStatusByNamespace(ref), "github.com/openshift/api/route/v1.LocalObjectReference": schema_openshift_api_route_v1_LocalObjectReference(ref), "github.com/openshift/api/route/v1.Route": schema_openshift_api_route_v1_Route(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeader": schema_openshift_api_route_v1_RouteHTTPHeader(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeaderActionUnion": schema_openshift_api_route_v1_RouteHTTPHeaderActionUnion(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeaderActions": schema_openshift_api_route_v1_RouteHTTPHeaderActions(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeaders": schema_openshift_api_route_v1_RouteHTTPHeaders(ref), "github.com/openshift/api/route/v1.RouteIngress": schema_openshift_api_route_v1_RouteIngress(ref), "github.com/openshift/api/route/v1.RouteIngressCondition": schema_openshift_api_route_v1_RouteIngressCondition(ref), "github.com/openshift/api/route/v1.RouteList": schema_openshift_api_route_v1_RouteList(ref), "github.com/openshift/api/route/v1.RoutePort": schema_openshift_api_route_v1_RoutePort(ref), + "github.com/openshift/api/route/v1.RouteSetHTTPHeader": schema_openshift_api_route_v1_RouteSetHTTPHeader(ref), "github.com/openshift/api/route/v1.RouteSpec": schema_openshift_api_route_v1_RouteSpec(ref), "github.com/openshift/api/route/v1.RouteStatus": schema_openshift_api_route_v1_RouteStatus(ref), "github.com/openshift/api/route/v1.RouteTargetReference": schema_openshift_api_route_v1_RouteTargetReference(ref), 
@@ -12602,10 +12613,124 @@ func schema_openshift_api_config_v1_GCPPlatformStatus(ref common.ReferenceCallba Format: "", }, }, + "resourceLabels": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "key", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.GCPResourceLabel"), + }, + }, + }, + }, + }, + "resourceTags": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "key", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. 
GCP supports a maximum of 50 tags per resource.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.GCPResourceTag"), + }, + }, + }, + }, + }, }, Required: []string{"projectID", "region"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1.GCPResourceLabel", "github.com/openshift/api/config/v1.GCPResourceTag"}, + } +} + +func schema_openshift_api_config_v1_GCPResourceLabel(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. 
Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"key", "value"}, + }, + }, + } +} + +func schema_openshift_api_config_v1_GCPResourceTag(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "parentID": { + SchemaProps: spec.SchemaProps{ + Description: "parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. 
Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"parentID", "key", "value"}, + }, + }, } } @@ -30884,12 +31009,14 @@ func schema_openshift_api_machine_v1_RootVolume(ref common.ReferenceCallback) co }, "volumeType": { SchemaProps: spec.SchemaProps{ - Description: "volumeType specifies the type of the root volume that will be provisioned. If not specifified, the root volume will be created as the type in the machine template. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.", + Description: "volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.", + Default: "", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"volumeType"}, }, }, } 
@@ -42830,6 +42957,138 @@ func schema_openshift_api_operator_v1_IngressControllerCaptureHTTPHeaders(ref co } } +func schema_openshift_api_operator_v1_IngressControllerHTTPHeader(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "action": { + SchemaProps: spec.SchemaProps{ + Description: "action specifies actions to perform on headers, such as setting or deleting headers.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActionUnion"), + }, + }, + }, + Required: []string{"name", "action"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActionUnion"}, + } +} + +func schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActionUnion(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + 
Description: "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "set": { + SchemaProps: spec.SchemaProps{ + Description: "set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.", + Ref: ref("github.com/openshift/api/operator/v1.IngressControllerSetHTTPHeader"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "set": "Set", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operator/v1.IngressControllerSetHTTPHeader"}, + } +} + +func schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActions(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "response": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. 
IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operator/v1.IngressControllerHTTPHeader"), + }, + }, + }, + }, + }, + "request": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". 
Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operator/v1.IngressControllerHTTPHeader"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeader"}, + } +} + func schema_openshift_api_operator_v1_IngressControllerHTTPHeaders(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -42866,11 +43125,18 @@ func schema_openshift_api_operator_v1_IngressControllerHTTPHeaders(ref common.Re }, }, }, + "actions": { + SchemaProps: spec.SchemaProps{ + Description: "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. 
Please refer to the documentation for that API field for more details.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActions"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.IngressControllerHTTPUniqueIdHeaderPolicy"}, + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActions", "github.com/openshift/api/operator/v1.IngressControllerHTTPUniqueIdHeaderPolicy"}, } } @@ -42972,6 +43238,28 @@ func schema_openshift_api_operator_v1_IngressControllerLogging(ref common.Refere } } +func schema_openshift_api_operator_v1_IngressControllerSetHTTPHeader(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"value"}, + }, + }, + } +} + func schema_openshift_api_operator_v1_IngressControllerSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -51763,6 +52051,160 @@ func schema_openshift_api_route_v1_Route(ref common.ReferenceCallback) common.Op } } +func schema_openshift_api_route_v1_RouteHTTPHeader(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "action": { + SchemaProps: spec.SchemaProps{ + Description: "action specifies actions to perform on headers, such as setting or deleting headers.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/route/v1.RouteHTTPHeaderActionUnion"), + }, + }, + }, + Required: []string{"name", "action"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/route/v1.RouteHTTPHeaderActionUnion"}, + } +} + +func schema_openshift_api_route_v1_RouteHTTPHeaderActionUnion(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type defines the type of the action to be applied on the header. 
Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "set": { + SchemaProps: spec.SchemaProps{ + Description: "set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. This field is required when type is Set and forbidden otherwise.", + Ref: ref("github.com/openshift/api/route/v1.RouteSetHTTPHeader"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "set": "Set", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/route/v1.RouteSetHTTPHeader"}, + } +} + +func schema_openshift_api_route_v1_RouteHTTPHeaderActions(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "response": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. 
Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Note: This field cannot be used if your route uses TLS passthrough.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/route/v1.RouteHTTPHeader"), + }, + }, + }, + }, + }, + "request": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". 
Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/route/v1.RouteHTTPHeader"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/route/v1.RouteHTTPHeader"}, + } +} + +func schema_openshift_api_route_v1_RouteHTTPHeaders(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RouteHTTPHeaders defines policy for HTTP headers.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "actions": { + SchemaProps: spec.SchemaProps{ + Description: "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. 
In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/route/v1.RouteHTTPHeaderActions"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/route/v1.RouteHTTPHeaderActions"}, + } +} + func schema_openshift_api_route_v1_RouteIngress(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -51946,6 +52388,28 @@ func schema_openshift_api_route_v1_RoutePort(ref common.ReferenceCallback) commo } } +func schema_openshift_api_route_v1_RouteSetHTTPHeader(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"value"}, + }, + }, + } +} + func schema_openshift_api_route_v1_RouteSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -52014,12 +52478,18 @@ func schema_openshift_api_route_v1_RouteSpec(ref common.ReferenceCallback) commo Format: "", }, }, + "httpHeaders": { + SchemaProps: spec.SchemaProps{ + Description: "httpHeaders defines policy for HTTP headers.", + Ref: ref("github.com/openshift/api/route/v1.RouteHTTPHeaders"), + }, + }, }, Required: []string{"to"}, }, }, Dependencies: []string{ - "github.com/openshift/api/route/v1.RoutePort", "github.com/openshift/api/route/v1.RouteTargetReference", "github.com/openshift/api/route/v1.TLSConfig"}, + "github.com/openshift/api/route/v1.RouteHTTPHeaders", "github.com/openshift/api/route/v1.RoutePort", "github.com/openshift/api/route/v1.RouteTargetReference", "github.com/openshift/api/route/v1.TLSConfig"}, } } @@ -52128,7 +52598,7 @@ func schema_openshift_api_route_v1_TLSConfig(ref common.ReferenceCallback) commo Properties: map[string]spec.Schema{ "termination": { SchemaProps: spec.SchemaProps{ - Description: "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend", + Description: "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend\n\nNote: passthrough termination is incompatible with httpHeader actions", Default: "", Type: []string{"string"}, Format: "", diff --git a/pkg/route/apis/route/v1/zz_generated.conversion.go b/pkg/route/apis/route/v1/zz_generated.conversion.go index fb96ef58fc..cc39696c38 100644 
--- a/pkg/route/apis/route/v1/zz_generated.conversion.go +++ b/pkg/route/apis/route/v1/zz_generated.conversion.go 
@@ -44,6 +44,46 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*v1.RouteHTTPHeader)(nil), (*route.RouteHTTPHeader)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_RouteHTTPHeader_To_route_RouteHTTPHeader(a.(*v1.RouteHTTPHeader), b.(*route.RouteHTTPHeader), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*route.RouteHTTPHeader)(nil), (*v1.RouteHTTPHeader)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_route_RouteHTTPHeader_To_v1_RouteHTTPHeader(a.(*route.RouteHTTPHeader), b.(*v1.RouteHTTPHeader), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1.RouteHTTPHeaderActionUnion)(nil), (*route.RouteHTTPHeaderActionUnion)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_RouteHTTPHeaderActionUnion_To_route_RouteHTTPHeaderActionUnion(a.(*v1.RouteHTTPHeaderActionUnion), b.(*route.RouteHTTPHeaderActionUnion), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*route.RouteHTTPHeaderActionUnion)(nil), (*v1.RouteHTTPHeaderActionUnion)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_route_RouteHTTPHeaderActionUnion_To_v1_RouteHTTPHeaderActionUnion(a.(*route.RouteHTTPHeaderActionUnion), b.(*v1.RouteHTTPHeaderActionUnion), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1.RouteHTTPHeaderActions)(nil), (*route.RouteHTTPHeaderActions)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_RouteHTTPHeaderActions_To_route_RouteHTTPHeaderActions(a.(*v1.RouteHTTPHeaderActions), b.(*route.RouteHTTPHeaderActions), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*route.RouteHTTPHeaderActions)(nil), (*v1.RouteHTTPHeaderActions)(nil), func(a, b interface{}, scope conversion.Scope) 
error { + return Convert_route_RouteHTTPHeaderActions_To_v1_RouteHTTPHeaderActions(a.(*route.RouteHTTPHeaderActions), b.(*v1.RouteHTTPHeaderActions), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1.RouteHTTPHeaders)(nil), (*route.RouteHTTPHeaders)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_RouteHTTPHeaders_To_route_RouteHTTPHeaders(a.(*v1.RouteHTTPHeaders), b.(*route.RouteHTTPHeaders), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*route.RouteHTTPHeaders)(nil), (*v1.RouteHTTPHeaders)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_route_RouteHTTPHeaders_To_v1_RouteHTTPHeaders(a.(*route.RouteHTTPHeaders), b.(*v1.RouteHTTPHeaders), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*v1.RouteIngress)(nil), (*route.RouteIngress)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1_RouteIngress_To_route_RouteIngress(a.(*v1.RouteIngress), b.(*route.RouteIngress), scope) }); err != nil { 
@@ -84,6 +124,16 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*v1.RouteSetHTTPHeader)(nil), (*route.RouteSetHTTPHeader)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_RouteSetHTTPHeader_To_route_RouteSetHTTPHeader(a.(*v1.RouteSetHTTPHeader), b.(*route.RouteSetHTTPHeader), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*route.RouteSetHTTPHeader)(nil), (*v1.RouteSetHTTPHeader)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_route_RouteSetHTTPHeader_To_v1_RouteSetHTTPHeader(a.(*route.RouteSetHTTPHeader), b.(*v1.RouteSetHTTPHeader), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*v1.RouteSpec)(nil), (*route.RouteSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1_RouteSpec_To_route_RouteSpec(a.(*v1.RouteSpec), b.(*route.RouteSpec), scope) }); err != nil { 
@@ -189,6 +239,100 @@ func Convert_route_Route_To_v1_Route(in *route.Route, out *v1.Route, s conversio return autoConvert_route_Route_To_v1_Route(in, out, s) } +func autoConvert_v1_RouteHTTPHeader_To_route_RouteHTTPHeader(in *v1.RouteHTTPHeader, out *route.RouteHTTPHeader, s conversion.Scope) error { + out.Name = in.Name + if err := Convert_v1_RouteHTTPHeaderActionUnion_To_route_RouteHTTPHeaderActionUnion(&in.Action, &out.Action, s); err != nil { + return err + } + return nil +} + +// Convert_v1_RouteHTTPHeader_To_route_RouteHTTPHeader is an autogenerated conversion function. +func Convert_v1_RouteHTTPHeader_To_route_RouteHTTPHeader(in *v1.RouteHTTPHeader, out *route.RouteHTTPHeader, s conversion.Scope) error { + return autoConvert_v1_RouteHTTPHeader_To_route_RouteHTTPHeader(in, out, s) +} + +func autoConvert_route_RouteHTTPHeader_To_v1_RouteHTTPHeader(in *route.RouteHTTPHeader, out *v1.RouteHTTPHeader, s conversion.Scope) error { + out.Name = in.Name + if err := Convert_route_RouteHTTPHeaderActionUnion_To_v1_RouteHTTPHeaderActionUnion(&in.Action, &out.Action, s); err != nil { + return err + } + return nil +} + +// Convert_route_RouteHTTPHeader_To_v1_RouteHTTPHeader is an autogenerated conversion function. +func Convert_route_RouteHTTPHeader_To_v1_RouteHTTPHeader(in *route.RouteHTTPHeader, out *v1.RouteHTTPHeader, s conversion.Scope) error { + return autoConvert_route_RouteHTTPHeader_To_v1_RouteHTTPHeader(in, out, s) +} + +func autoConvert_v1_RouteHTTPHeaderActionUnion_To_route_RouteHTTPHeaderActionUnion(in *v1.RouteHTTPHeaderActionUnion, out *route.RouteHTTPHeaderActionUnion, s conversion.Scope) error { + out.Type = route.RouteHTTPHeaderActionType(in.Type) + out.Set = (*route.RouteSetHTTPHeader)(unsafe.Pointer(in.Set)) + return nil +} + +// Convert_v1_RouteHTTPHeaderActionUnion_To_route_RouteHTTPHeaderActionUnion is an autogenerated conversion function. 
+func Convert_v1_RouteHTTPHeaderActionUnion_To_route_RouteHTTPHeaderActionUnion(in *v1.RouteHTTPHeaderActionUnion, out *route.RouteHTTPHeaderActionUnion, s conversion.Scope) error { + return autoConvert_v1_RouteHTTPHeaderActionUnion_To_route_RouteHTTPHeaderActionUnion(in, out, s) +} + +func autoConvert_route_RouteHTTPHeaderActionUnion_To_v1_RouteHTTPHeaderActionUnion(in *route.RouteHTTPHeaderActionUnion, out *v1.RouteHTTPHeaderActionUnion, s conversion.Scope) error { + out.Type = v1.RouteHTTPHeaderActionType(in.Type) + out.Set = (*v1.RouteSetHTTPHeader)(unsafe.Pointer(in.Set)) + return nil +} + +// Convert_route_RouteHTTPHeaderActionUnion_To_v1_RouteHTTPHeaderActionUnion is an autogenerated conversion function. +func Convert_route_RouteHTTPHeaderActionUnion_To_v1_RouteHTTPHeaderActionUnion(in *route.RouteHTTPHeaderActionUnion, out *v1.RouteHTTPHeaderActionUnion, s conversion.Scope) error { + return autoConvert_route_RouteHTTPHeaderActionUnion_To_v1_RouteHTTPHeaderActionUnion(in, out, s) +} + +func autoConvert_v1_RouteHTTPHeaderActions_To_route_RouteHTTPHeaderActions(in *v1.RouteHTTPHeaderActions, out *route.RouteHTTPHeaderActions, s conversion.Scope) error { + out.Response = *(*[]route.RouteHTTPHeader)(unsafe.Pointer(&in.Response)) + out.Request = *(*[]route.RouteHTTPHeader)(unsafe.Pointer(&in.Request)) + return nil +} + +// Convert_v1_RouteHTTPHeaderActions_To_route_RouteHTTPHeaderActions is an autogenerated conversion function. 
+func Convert_v1_RouteHTTPHeaderActions_To_route_RouteHTTPHeaderActions(in *v1.RouteHTTPHeaderActions, out *route.RouteHTTPHeaderActions, s conversion.Scope) error { + return autoConvert_v1_RouteHTTPHeaderActions_To_route_RouteHTTPHeaderActions(in, out, s) +} + +func autoConvert_route_RouteHTTPHeaderActions_To_v1_RouteHTTPHeaderActions(in *route.RouteHTTPHeaderActions, out *v1.RouteHTTPHeaderActions, s conversion.Scope) error { + out.Response = *(*[]v1.RouteHTTPHeader)(unsafe.Pointer(&in.Response)) + out.Request = *(*[]v1.RouteHTTPHeader)(unsafe.Pointer(&in.Request)) + return nil +} + +// Convert_route_RouteHTTPHeaderActions_To_v1_RouteHTTPHeaderActions is an autogenerated conversion function. +func Convert_route_RouteHTTPHeaderActions_To_v1_RouteHTTPHeaderActions(in *route.RouteHTTPHeaderActions, out *v1.RouteHTTPHeaderActions, s conversion.Scope) error { + return autoConvert_route_RouteHTTPHeaderActions_To_v1_RouteHTTPHeaderActions(in, out, s) +} + +func autoConvert_v1_RouteHTTPHeaders_To_route_RouteHTTPHeaders(in *v1.RouteHTTPHeaders, out *route.RouteHTTPHeaders, s conversion.Scope) error { + if err := Convert_v1_RouteHTTPHeaderActions_To_route_RouteHTTPHeaderActions(&in.Actions, &out.Actions, s); err != nil { + return err + } + return nil +} + +// Convert_v1_RouteHTTPHeaders_To_route_RouteHTTPHeaders is an autogenerated conversion function. +func Convert_v1_RouteHTTPHeaders_To_route_RouteHTTPHeaders(in *v1.RouteHTTPHeaders, out *route.RouteHTTPHeaders, s conversion.Scope) error { + return autoConvert_v1_RouteHTTPHeaders_To_route_RouteHTTPHeaders(in, out, s) +} + +func autoConvert_route_RouteHTTPHeaders_To_v1_RouteHTTPHeaders(in *route.RouteHTTPHeaders, out *v1.RouteHTTPHeaders, s conversion.Scope) error { + if err := Convert_route_RouteHTTPHeaderActions_To_v1_RouteHTTPHeaderActions(&in.Actions, &out.Actions, s); err != nil { + return err + } + return nil +} + +// Convert_route_RouteHTTPHeaders_To_v1_RouteHTTPHeaders is an autogenerated conversion function. 
+func Convert_route_RouteHTTPHeaders_To_v1_RouteHTTPHeaders(in *route.RouteHTTPHeaders, out *v1.RouteHTTPHeaders, s conversion.Scope) error { + return autoConvert_route_RouteHTTPHeaders_To_v1_RouteHTTPHeaders(in, out, s) +} + func autoConvert_v1_RouteIngress_To_route_RouteIngress(in *v1.RouteIngress, out *route.RouteIngress, s conversion.Scope) error { out.Host = in.Host out.RouterName = in.RouterName @@ -287,6 +431,26 @@ func Convert_route_RoutePort_To_v1_RoutePort(in *route.RoutePort, out *v1.RouteP return autoConvert_route_RoutePort_To_v1_RoutePort(in, out, s) } +func autoConvert_v1_RouteSetHTTPHeader_To_route_RouteSetHTTPHeader(in *v1.RouteSetHTTPHeader, out *route.RouteSetHTTPHeader, s conversion.Scope) error { + out.Value = in.Value + return nil +} + +// Convert_v1_RouteSetHTTPHeader_To_route_RouteSetHTTPHeader is an autogenerated conversion function. +func Convert_v1_RouteSetHTTPHeader_To_route_RouteSetHTTPHeader(in *v1.RouteSetHTTPHeader, out *route.RouteSetHTTPHeader, s conversion.Scope) error { + return autoConvert_v1_RouteSetHTTPHeader_To_route_RouteSetHTTPHeader(in, out, s) +} + +func autoConvert_route_RouteSetHTTPHeader_To_v1_RouteSetHTTPHeader(in *route.RouteSetHTTPHeader, out *v1.RouteSetHTTPHeader, s conversion.Scope) error { + out.Value = in.Value + return nil +} + +// Convert_route_RouteSetHTTPHeader_To_v1_RouteSetHTTPHeader is an autogenerated conversion function. +func Convert_route_RouteSetHTTPHeader_To_v1_RouteSetHTTPHeader(in *route.RouteSetHTTPHeader, out *v1.RouteSetHTTPHeader, s conversion.Scope) error { + return autoConvert_route_RouteSetHTTPHeader_To_v1_RouteSetHTTPHeader(in, out, s) +} + func autoConvert_v1_RouteSpec_To_route_RouteSpec(in *v1.RouteSpec, out *route.RouteSpec, s conversion.Scope) error { out.Host = in.Host out.Subdomain = in.Subdomain 
@@ -298,6 +462,7 @@ func autoConvert_v1_RouteSpec_To_route_RouteSpec(in *v1.RouteSpec, out *route.Ro out.Port = (*route.RoutePort)(unsafe.Pointer(in.Port)) out.TLS = (*route.TLSConfig)(unsafe.Pointer(in.TLS)) out.WildcardPolicy = route.WildcardPolicyType(in.WildcardPolicy) + out.HTTPHeaders = (*route.RouteHTTPHeaders)(unsafe.Pointer(in.HTTPHeaders)) return nil } @@ -317,6 +482,7 @@ func autoConvert_route_RouteSpec_To_v1_RouteSpec(in *route.RouteSpec, out *v1.Ro out.Port = (*v1.RoutePort)(unsafe.Pointer(in.Port)) out.TLS = (*v1.TLSConfig)(unsafe.Pointer(in.TLS)) out.WildcardPolicy = v1.WildcardPolicyType(in.WildcardPolicy) + out.HTTPHeaders = (*v1.RouteHTTPHeaders)(unsafe.Pointer(in.HTTPHeaders)) return nil } diff --git a/pkg/route/apis/route/zz_generated.deepcopy.go b/pkg/route/apis/route/zz_generated.deepcopy.go index 889804f9d0..0ac2739fc8 100644 --- a/pkg/route/apis/route/zz_generated.deepcopy.go +++ b/pkg/route/apis/route/zz_generated.deepcopy.go 
@@ -53,6 +53,91 @@ func (in *Route) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeader) DeepCopyInto(out *RouteHTTPHeader) { + *out = *in + in.Action.DeepCopyInto(&out.Action) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeader. +func (in *RouteHTTPHeader) DeepCopy() *RouteHTTPHeader { + if in == nil { + return nil + } + out := new(RouteHTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeaderActionUnion) DeepCopyInto(out *RouteHTTPHeaderActionUnion) { + *out = *in + if in.Set != nil { + in, out := &in.Set, &out.Set + *out = new(RouteSetHTTPHeader) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaderActionUnion. +func (in *RouteHTTPHeaderActionUnion) DeepCopy() *RouteHTTPHeaderActionUnion { + if in == nil { + return nil + } + out := new(RouteHTTPHeaderActionUnion) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeaderActions) DeepCopyInto(out *RouteHTTPHeaderActions) { + *out = *in + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = make([]RouteHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]RouteHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaderActions. 
+func (in *RouteHTTPHeaderActions) DeepCopy() *RouteHTTPHeaderActions { + if in == nil { + return nil + } + out := new(RouteHTTPHeaderActions) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteHTTPHeaders) DeepCopyInto(out *RouteHTTPHeaders) { + *out = *in + in.Actions.DeepCopyInto(&out.Actions) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaders. +func (in *RouteHTTPHeaders) DeepCopy() *RouteHTTPHeaders { + if in == nil { + return nil + } + out := new(RouteHTTPHeaders) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RouteIngress) DeepCopyInto(out *RouteIngress) { *out = *in @@ -146,6 +231,22 @@ func (in *RoutePort) DeepCopy() *RoutePort { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteSetHTTPHeader) DeepCopyInto(out *RouteSetHTTPHeader) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteSetHTTPHeader. +func (in *RouteSetHTTPHeader) DeepCopy() *RouteSetHTTPHeader { + if in == nil { + return nil + } + out := new(RouteSetHTTPHeader) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RouteSpec) DeepCopyInto(out *RouteSpec) { *out = *in @@ -167,6 +268,11 @@ func (in *RouteSpec) DeepCopyInto(out *RouteSpec) { *out = new(TLSConfig) (*in).DeepCopyInto(*out) } + if in.HTTPHeaders != nil { + in, out := &in.HTTPHeaders, &out.HTTPHeaders + *out = new(RouteHTTPHeaders) + (*in).DeepCopyInto(*out) + } return }